CVE-2022-31464

7.8 HIGH

📋 TL;DR

This vulnerability in Adaware Protect v1.2.439.4251 allows local attackers to escalate privileges by modifying the service binary path due to insecure permissions. Attackers can replace the legitimate service executable with malicious code that runs with SYSTEM privileges. This affects all users running the vulnerable version of Adaware Protect on Windows systems.

💻 Affected Systems

Products:
  • Adaware Protect
Versions: v1.2.439.4251
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation configuration with no special settings required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where an attacker gains SYSTEM privileges, enabling installation of persistent malware, credential theft, lateral movement, and disabling of security controls.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security restrictions, install additional malware, or access protected system resources.

🟢 If Mitigated

Limited impact if proper access controls and monitoring are in place, though the vulnerability still provides a foothold for attackers.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any compromised user account on a system with vulnerable Adaware Protect can escalate to SYSTEM privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but is straightforward once access is obtained. The Medium article provides detailed exploitation methodology.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with vendor for updated version

Vendor Advisory: https://www.adaware.com/

Restart Required: Yes

Instructions:

1. Visit https://www.adaware.com/
2. Download latest version of Adaware Protect
3. Uninstall current version
4. Install updated version
5. Restart system

🔧 Temporary Workarounds

Restrict Service Permissions

Modify service permissions to prevent unauthorized users from changing the binary path

sc.exe sdset AdawareProtectService "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"

Remove Vulnerable Software

Uninstall Adaware Protect if not essential

appwiz.cpl
Select Adaware Protect and click Uninstall

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges on affected systems
  • Monitor for unauthorized service modifications and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Adaware Protect via Programs and Features or with the command: wmic product where name='Adaware Protect' get version

Check Version:

wmic product where name='Adaware Protect' get version

Verify Fix Applied:

Verify service permissions using: sc.exe sdshow AdawareProtectService. Ensure that only authorized users hold the SERVICE_CHANGE_CONFIG permission, which appears as the DC right in the SDDL output.
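
The permission check above can be automated over sc.exe sdshow output collected from hosts. This is an added example, not vendor or page-author code; it assumes SYSTEM (SY) and Administrators (BA) are the only authorized principals, and the WEAK descriptor is constructed for illustration, not taken from the product.

```python
import re

# SDDL right codes that allow reconfiguring a service or rewriting its ACL,
# mapped to the access-mask bit each stands for.
RISKY_RIGHTS = {
    "DC": 0x00000002,  # SERVICE_CHANGE_CONFIG (can change the binary path)
    "WD": 0x00040000,  # WRITE_DAC
    "WO": 0x00080000,  # WRITE_OWNER
    "GW": 0x40000000,  # GENERIC_WRITE (includes SERVICE_CHANGE_CONFIG)
    "GA": 0x10000000,  # GENERIC_ALL
}
# Assumption: only LocalSystem (SY) and Administrators (BA) are authorized.
TRUSTED_SIDS = {"SY", "BA"}

# The descriptor from the workaround above, and a constructed weak one.
HARDENED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)"
        "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")


def risky_aces(sddl):
    """Return [(sid, [codes])] for allow ACEs giving risky rights to untrusted SIDs."""
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        fields = ace.split(";")
        # Only access-allowed ACEs grant rights; audit (AU) and deny (D) do not.
        if len(fields) < 6 or fields[0] != "A":
            continue
        rights, sid = fields[2], fields[5]
        if sid in TRUSTED_SIDS:
            continue
        if rights.lower().startswith("0x"):
            # Rights given as a hex access mask instead of letter codes.
            mask = int(rights, 16)
            hits = [code for code, bit in RISKY_RIGHTS.items() if mask & bit]
        else:
            # Split into two-letter codes so "SD"+"CC" is not misread as "DC".
            codes = re.findall("..", rights)
            hits = [code for code in RISKY_RIGHTS if code in codes]
        if hits:
            findings.append((sid, hits))
    return findings


if __name__ == "__main__":
    for name, sddl in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, risky_aces(sddl) or "no risky ACEs for untrusted SIDs")
```

Any non-empty result means a principal other than SYSTEM or Administrators can change the service configuration or its ACL.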

📡 Detection & Monitoring

Log Indicators:

  • Windows Event ID 7045: Service installed
  • Windows Event ID 4697: Service creation
  • Unexpected modifications to Adaware Protect service configuration

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

EventID=7045 OR EventID=4697 | where ServiceName contains 'Adaware'
