CVE-2013-10046

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/agnitum_outpost_acs.rb
https://www.exploit-db.com/exploits/27282
https://www.exploit-db.com/exploits/28335
https://www.vulncheck.com/advisories/agnitum-outpost-internet-security-local-priv-esc

Configurations

No configuration.

History

04 Aug 2025, 15:06

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de escalada de privilegios local en Agnitum Outpost Internet Security 8.1 que permite a un usuario sin privilegios ejecutar código arbitrario con privilegios de SYSTEM. La falla reside en el componente acs.exe, que expone una canalización con nombre que acepta comandos no autenticados. Al explotar una vulnerabilidad de directory traversal en el protocolo de canalización, un atacante puede indicar al servicio que cargue una DLL maliciosa desde una ubicación controlada por el usuario. La DLL se ejecuta entonces en el contexto del servicio privilegiado.

01 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-01 21:15

Updated : 2025-08-04 15:06

NVD link : CVE-2013-10046

Mitre link : CVE-2013-10046

CVE.ORG link : CVE-2013-10046

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2013-10046", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-01T21:15:26.190", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/agnitum_outpost_acs.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/27282", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/28335", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/agnitum-outpost-internet-security-local-priv-esc", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe\u00a0that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service."}, {"lang": "es", "value": "Existe una vulnerabilidad de escalada de privilegios local en Agnitum Outpost Internet Security 8.1 que permite a un usuario sin privilegios ejecutar c\u00f3digo arbitrario con privilegios de SYSTEM. La falla reside en el componente acs.exe, que expone una canalizaci\u00f3n con nombre que acepta comandos no autenticados. Al explotar una vulnerabilidad de directory traversal en el protocolo de canalizaci\u00f3n, un atacante puede indicar al servicio que cargue una DLL maliciosa desde una ubicaci\u00f3n controlada por el usuario. La DLL se ejecuta entonces en el contexto del servicio privilegiado."}], "lastModified": "2025-08-04T15:06:15.833", "sourceIdentifier": "disclosure@vulncheck.com"}