- Добро пожаловать на Mercedes-Benz W202 Club.
Nssm-2.24 Privilege Escalation
Nssm-2.24 Privilege Escalation
NSSM 2.24 does not enforce a restrictive DACL (Discretionary Access Control List) on created services. Instead, it relies on Windows defaults, which may allow SERVICE_CHANGE_CONFIG to non-admin users when the service is created during an administrative session but without explicit security hardening.
The Non-Sucking Service Manager (NSSM) version 2.24 is susceptible to a Local Privilege Escalation (LPE) vulnerability. NSSM is a utility used to wrap arbitrary applications as Windows Services. Due to insufficient sanitization of the application path and arguments when installed as a service, a local attacker can manipulate the service binary path to execute arbitrary code with SYSTEM privileges. nssm-2.24 privilege escalation
Software: Non-Sucking Service Manager (NSSM) Affected Versions: NSSM 2.24 (and likely prior versions) Severity: High Vector: Local Impact: Privilege Escalation (Local System) NSSM 2
Once elevated on one machine, the attacker harvests domain admin tickets or service account passwords, moving across the network. The Non-Sucking Service Manager (NSSM) version 2
Store Binaries in Protected Locations – Never place service executables in user-writable paths (avoid ProgramData, Temp, Users folders). Use C:\Program Files or C:\Windows\System32.
Use a Service Account with Least Privilege – Configure NSSM services to run as a managed service account (gMSA) instead of LOCAL SYSTEM.