Local Administrator On Default Environment

Local Administrator on Default Environment

Overview of the Vulnerability

The current configuration of the device uses a local administrator account as the default environment setting. This configuration inherently provides administrator-level access to the running processes and access, posing a significant security risk. If an attacker compromises the application or device, they can gain elevated privileges automatically, allowing for extensive control over the device's functions and data.

Business Impact

Operating devices under local administrator accounts by default increases the risk of severe security breaches. An attacker with administrator-level access can disable security measures, install malicious software, and access or alter sensitive information. This could lead to operational disruptions, data breaches involving sensitive customer or business information, and significant financial and reputational damage to the organization. Furthermore, this practice may fail to comply with security standards and regulatory compliance requirements.

Steps to Reproduce

  1. Open the device and use a TTY Cable to connect to the header pins found in the screenshot below: {{screenshot}}

  2. Using a serial connection with the command below, connect to the device: {{command}}

  3. Press enter then type the command id.

  4. You'll see the response is id=0 which is a local administrator account.

or

  1. Plug in a keyboard and power on the device.

  2. On boot, spam the escape key until a new prompt appears, and click Exit.

  3. Now on the desktop, open a terminal and type the command: {{command}}.

  4. You'll see the response shows the user is a local administrator account.

Proof of Concept (PoC)

The following screenshot(s) demonstrate(s) this vulnerability:

{{screenshot}}

Guidance

Provide a step-by-step walkthrough with screenshots on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.

Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

Recommendation(s)

It is recommended to use a low privileged account with minimal permissions for embedded hardware and kiosks.

PreviousKiosk Escape Or BreakoutNextOver Permissioned Credentials On Storage

Last updated