CVE-2024-31127: Zscaler Client Connector 4.1.500.3 NSXPC Local Privilege escalation
It was possible to achieve local privilege escalation (LPE) through the following high level abuse steps:
CVEs
My Public CVEs and Acknowledgements
| Vulnerability ID | Platforms | Vendors | Title |
|---|---|---|---|
| CVE-2022-48127 | Web Application | Asus | RT-ACG1200G+ Router Webserver Open Redirect |
| CVE-2024-23480 CVE-2024-23482 CVE-2024-23483 CVE-2024-31127 |
macOS Application | Zscaler | Zscaler Client Connector NSXPC Local Privilege Escalation |
| CVE-2024-27357 | macOS Application | WithSecure | Elements Installer Local Privilege Escalation |
| CVE-2024-27358 | macOS Application | WithSecure | Elements Installer Denial of Service |
| CVE-2024-30165 | macOS Application | Amazon AWS | AWS VPN XPC Local Privilege Escalation |
| CVE-2024-47193 | macOS Application | WithSecure | Elements installer Denial of Service |
| wontfix | Windows Application | Zscaler | Zscaler Client Connector Windows Denial of Service |
| fixed | macOS Application | Zscaler | Zscaler Client Connector macOS Hardened Runtime Bypass |
| Bugcrowd | macOS Application | Dropbox | TCC Bypass |
| Bugcrowd | macOS Application | Dropbox | TCC Bypass |
| Bugcrowd | macOS Application | Dropbox | TCC Bypass |
| Bugcrowd | macOS Application | Dropbox | TCC Bypass |
| Bugcrowd | macOS Application | Dropbox | TCC Bypass |
| Bugcrowd | macOS Application | Upwork | TCC Bypass |
| CVE-2024-13177 | macOS Application | netSkope | installer Local Privilege Escalation |
| wontfix (hackerone) | macOS Application | Logitech | Local Privilege Escalation |
| wontfix (hackerone) | macOS Application | Logitech | Local Privilege Escalation |
| Bugcrowd | macOS Application | Front | TCC Bypass |
| Dupe | macOS Application | Zscaler | Zscaler Client Connector Installer Local Privilege Escalation |
| Dupe | macOS Application | Zscaler | Zscaler Client Connector Uninstaller Local Privilege Escalation |
| CVE-2024-55904 | Java Web Application | IBM | IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to command injection |
| CVE-2024-54176 | Java Web Application | IBM | IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a sensitive information disclosure |
| CVE-2024-56469 | Java Web Application | IBM | IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to unauthroized access to other services |
| CVE-2024-11468 | macOS | VMware | Horizon Client for macOS Installer Local Privilege Escalation |
| TBD | TBD | Palo Alto | Palo Alto Product |
| TBD | TBD | Admin By Request | Admin By Request Product |
2024
CVE-2024-30165: Finding and Exploiting the AWS Client VPN on macOS for Local Privilege Escalation
AWS Client VPN 3.9.0 allows a local attacker to maliciously kill the VPN connection, revert/fix the DNS settings and completely uninstall the AWS Client VPN ...
2023
NO-CVE 0day: Logitech Logi Capture 2.08.12 macOS Local Privilege Escalation (CoreMediaIO)
It was possible to achieve local privilege escalation (LPE) through the following high level abuse steps: Identification of weak POSIX directory and file ...
NO-CVE 0day: Logitech Logi Capture 2.08.12 macOS Local Privilege Escalation (LogiFacecamService)
It was possible to achieve local privilege escalation (LPE) through the following high level abuse steps: Identification of weak POSIX directory and file ...
NO-CVE: Upwork 5.8.0.33 TCC Bypass Through Hardened Runtime Bypass
It was possible for an attacker to load an unsigned malicious dylib into the /Applications/Upwork.app/Contents/MacOS/Upwork Mach-O and inherit entitlements w...
NO-CVE wontfix: Windows Zscaler Client Connector 4.2.0.190 Log Export Denial of Service
A directory junction could be created in place of a directory which the Zscaler Client Connector uses as part of the log file export process. This directory ...
Visual Studio-less WDM Windows Kernel Driver Programming: cmake and FindWDK
Visual Studio can be bloat, cmake and FindWDK allows for easy WDM driver compilation on the commandline
2022
CVE-2022-48127: Finding an Open Redirect and Some General Router Tomfoolery, rooting an ASUS Router via UART
Had a ASUS RT-AC1200G+ router that was doing nothing, had been watching Flashback team videos on youtube and was feeling a bit bored. Popped the router open ...
Cleaning CRT and Win32 Dependencies From Your MSVC Compiled Binary
Stripping Win32 and CRT dependencies from windows PEs to solely depend on NTDLL.dll.
Creating tiny 3.50 KB windows shellcode loaders, Its not about the size but how you use it: syscalled
Writing very very simple and tiny shellcode loaders using MASM assembly for the fun of it.
Who the F Called Me?: Trampoline Hook Caller Function Metadata Acquisition
This was research that was done for a University BSc Cyber Security and Digital Forensics dissertation, this project was chosen as a challenge as my Windows ...