Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Universal_forensic_extraction_device_firmware | Sun-denshi | 5.0 (including) | 7.5.0.845 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- http://packetstormsecurity.com/files/157715/Cellebrite-UFED-7.5.0.845-Desktop-Escape-Privilege-Escalation.html
- https://github.com/thatguylevel
- https://korelogic.com/Resources/Advisories/KL-001-2020-002.txt
- https://korelogic.com/advisories.html
- https://twitter.com/thatguylevel
- http://packetstormsecurity.com/files/157715/Cellebrite-UFED-7.5.0.845-Desktop-Escape-Privilege-Escalation.html
- https://github.com/thatguylevel
- https://korelogic.com/Resources/Advisories/KL-001-2020-002.txt
- https://korelogic.com/advisories.html
- https://twitter.com/thatguylevel