CVE-2022-27089 – This vulnerability allows a local attacker to e... (How to Fix)

Q: What is the severity of CVE-2022-27089?

CVE-2022-27089 has a CVSS score of 7.8 (HIGH). This vulnerability allows a local attacker to escalate privileges to SYSTEM level by exploiting an unquoted service path in Fujitsu PlugFree Network's PFNService.exe. It affects users running Fujitsu PlugFree Network version 7.3.0.3 or earlier. Attackers need local access to the system to exploit this vulnerability.

📋 TL;DR

This vulnerability allows a local attacker to escalate privileges to SYSTEM level by exploiting an unquoted service path in Fujitsu PlugFree Network's PFNService.exe. It affects users running Fujitsu PlugFree Network version 7.3.0.3 or earlier. Attackers need local access to the system to exploit this vulnerability.

💻 Affected Systems

Products:

Fujitsu PlugFree Network

Versions: <= 7.3.0.3

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local access to the system. The vulnerability is in the service installation path handling.

📦 What is this software?

Plugfree Network by Fujitsu

View all CVEs affecting Plugfree Network →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full SYSTEM privilege escalation leading to complete system compromise, data theft, persistence establishment, and lateral movement capabilities.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls, install malware, or access restricted resources on the compromised system.

🟢

If Mitigated

Limited impact due to proper access controls, monitoring, and restricted local user privileges preventing successful exploitation.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local system access, not directly exploitable over the internet.

🏢 Internal Only: HIGH - Internal attackers or compromised user accounts can exploit this to gain SYSTEM privileges on affected workstations.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Unquoted service path vulnerabilities are well-understood and relatively easy to exploit with local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 7.3.0.3

Vendor Advisory: https://www.fujitsu.com/global/support/products/software/security/products-fujitsu.html

Restart Required: Yes

Instructions:

1. Download latest version from Fujitsu support portal. 2. Uninstall current version. 3. Install updated version. 4. Restart system.

🔧 Temporary Workarounds

Modify Service Path Permissions

windows

Restrict write permissions to directories in the service path to prevent malicious executable placement.

icacls "C:\Program Files\Fujitsu\PlugFree Network" /deny Users:(OI)(CI)W

Quote Service Path

windows

Manually edit the service configuration to use quoted paths in the service executable path.

sc config PFNService binPath= "\"C:\Program Files\Fujitsu\PlugFree Network\PFNService.exe\""

🧯 If You Can't Patch

Implement strict least privilege principles for local user accounts
Monitor for suspicious service modifications and file creation in service path directories

🔍 How to Verify

Check if Vulnerable:

Check service configuration: sc qc PFNService and look for unquoted path containing spaces. Also check installed version in Control Panel > Programs.

Check Version:

Check Programs and Features or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\PlugFree Network

Verify Fix Applied:

Verify service path is quoted: sc qc PFNService should show quoted path. Check installed version is > 7.3.0.3.

📡 Detection & Monitoring

Log Indicators:

Windows Event ID 7045: Service installation/modification
Unexpected file creation in service path directories
Process creation from unusual locations

Network Indicators:

Unusual outbound connections from SYSTEM context processes

SIEM Query:

EventID=7045 AND ServiceName="PFNService" OR ProcessCreation WHERE ImagePath contains "PlugFree Network" AND ParentImage not in approved list

📊 Metadata

CVE ID: CVE-2022-27089

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-428

Published: April 11, 2022

Last Updated: November 21, 2024

🔗 References

https://hansesecure.de/2022/03/schwachstelle-in-fujitsu-plugfree-network/ Third Party Advisory
https://hansesecure.de/2022/03/schwachstelle-in-fujitsu-plugfree-network/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-27089, you might also want to check these: