Login Sign Up

CVE-2019-18349

9.8 CRITICAL

📋 TL;DR

CVE-2019-18349 is a privilege escalation vulnerability in HotkeyP software versions through 4.9 r96. The vulnerability allows local attackers to execute arbitrary code with elevated privileges by exploiting a flaw in the privilege function. This affects users running vulnerable versions of HotkeyP on Windows systems.

💻 Affected Systems

Products:
  • HotkeyP
Versions: All versions through 4.9 r96
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the privilege function in Commands.cpp and affects all default installations of vulnerable versions.

📦 What is this software?

Hotkeyp by Hotkeyp Project

View all CVEs affecting Hotkeyp →

Hotkeyp by Hotkeyp Project

View all CVEs affecting Hotkeyp →

Hotkeyp by Hotkeyp Project

View all CVEs affecting Hotkeyp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where an attacker gains SYSTEM/administrator privileges, installs persistent malware, accesses all user data, and disables security controls.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security restrictions, install additional malware, or access protected system resources.

🟢

If Mitigated

Limited impact if proper user account controls, application whitelisting, and least privilege principles are enforced.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: MEDIUM - While requiring local access, internal attackers or malware could exploit this to escalate privileges within compromised environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available in the provided gist, showing the vulnerability can be triggered by local users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 4.9 r96

Vendor Advisory: https://sourceforge.net/p/hotkeyp/code/HEAD/tree/trunk/WhatsNew.txt

Restart Required: Yes

Instructions:

1. Download latest version from SourceForge. 2. Uninstall current HotkeyP. 3. Install updated version. 4. Restart system to ensure clean state.

🔧 Temporary Workarounds

Uninstall HotkeyP

windows

Remove vulnerable software completely to eliminate attack surface

Control Panel > Programs > Uninstall HotkeyP

Restrict User Privileges

windows

Run HotkeyP with standard user privileges instead of administrative rights

🧯 If You Can't Patch

  • Remove HotkeyP from all systems immediately
  • Implement application control policies to block HotkeyP execution

🔍 How to Verify

Check if Vulnerable:

Check HotkeyP version: Open HotkeyP > Help > About. If version is 4.9 r96 or earlier, system is vulnerable.

Check Version:

Check 'Help > About' in HotkeyP GUI or examine installed programs in Control Panel

Verify Fix Applied:

Verify HotkeyP version is newer than 4.9 r96 and test privilege escalation attempts fail.

📡 Detection & Monitoring

Log Indicators:

  • Process creation events for HotkeyP with elevated privileges
  • Windows Event Logs showing privilege escalation attempts

Network Indicators:

  • No network indicators - local privilege escalation only

SIEM Query:

Process Creation where Image contains 'hotkeyp' and IntegrityLevel changes to 'System' or 'High'

📊 Metadata

CVE ID: CVE-2019-18349
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: November 21, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON