NSSM-2.24 Privilege Escalation
Typical exploitation steps (conceptual)
icacls "C:\Path\To\nssm.exe" /grant "SYSTEM:(F)"
icacls "C:\Path\To\nssm.exe" /grant "Administrators:(F)"
The issue is not a memory corruption bug but a : nssm-2.24 privilege escalation
Or via registry (if direct sc fails):
A more recent vulnerability identified in products like Phoenix Contact Device and Update Management involves misconfigured permissions on nssm.exe specifically, allowing low-privileged local attackers to gain administrative access.
Vulnerability Summary Table
CVE-2016-8742 Detail - NVD
When NSSM is bundled with third-party installers, it frequently inherits weak folder or file permissions, allowing low-privileged users to replace the nssm.exe binary or its managed application with malicious code.
Or checks installed versions:
Given the severity and multiple appearances of this vulnerability class, proactive mitigation is essential.
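A defender-side audit for the weak folder or file permissions described above, added here as an example (not code from NSSM or from the original page): it lists NSSM-wrapped services whose wrapper binary, managed application, or containing folder grants write-type rights to low-privileged groups. The set of SIDs treated as low-privileged and the Get-WeakAce helper name are assumptions of this example.

```powershell
# Added example: report NSSM-wrapped services whose wrapper, managed application,
# or containing folders are writable by low-privileged principals.
# It only reads ACLs and registry values.

# Assumption: these well-known SIDs are the principals treated as low-privileged.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Rights that allow replacing or re-permissioning a file, plus GENERIC_ALL / GENERIC_WRITE.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = [int]$rights -bor 0x10000000 -bor 0x40000000

# Hypothetical helper: emit one object per Allow ACE that gives a low-privileged SID write access.
function Get-WeakAce([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $sid = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sid)) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $lowPriv.ContainsKey($who) -and
            ([int]$ace.FileSystemRights -band $writeBits)) {
            [pscustomobject]@{ Path = $Path; Principal = $lowPriv[$who]; Rights = $ace.FileSystemRights }
        }
    }
}

Get-CimInstance Win32_Service | Where-Object { $_.PathName -match 'nssm' } | ForEach-Object {
    $svc = $_.Name
    $targets = @()
    # The service image path may be quoted and may carry arguments; keep only the executable.
    if ($_.PathName -match '^\s*"?(.+?\.exe)') { $targets += $Matches[1] }
    # NSSM records the program it launches under the service's Parameters key.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    $app = (Get-ItemProperty -Path $key -Name Application -ErrorAction SilentlyContinue).Application
    if ($app) { $targets += $app }
    foreach ($file in $targets) {
        foreach ($p in @($file, (Split-Path -Parent $file))) {
            Get-WeakAce $p | Select-Object @{ n = 'Service'; e = { $svc } }, Path, Principal, Rights
        }
    }
}
```

No output means no flagged ACEs were found on the paths checked; any row returned is a path where the listed group should lose its write-type rights.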
If the permissions on the folder where nssm.exe or its managed application resides are weak (e.g., BUILTIN\Users has Modify or Write permissions), an attacker can replace the legitimate binary with a malicious one. Since NSSM is designed to restart services if they crash, an attacker can simply kill the process and wait for NSSM to restart their malicious version.
3. Known Bugs in v2.24
The Non-Sucking Service Manager (NSSM) is a lightweight, open-source utility designed to simplify the creation and management of Windows services. Unlike Microsoft's built-in sc command or legacy tools like srvany, NSSM offers a more robust solution, automatically handling restarts for crashed applications and providing detailed logging. It is particularly favored by developers and system administrators for wrapping any standard executable (console apps, scripts, Java JARs, Node.js servers) into a fully-fledged Windows service.