CVE-2024-22752
📋 TL;DR
CVE-2024-22752 is an insecure permissions vulnerability in EaseUS MobiMover that allows attackers to escalate privileges by placing a malicious executable in the application's installation directory. This affects users running EaseUS MobiMover 6.0.5 Build 21620 on Windows systems. Attackers can gain SYSTEM-level privileges if they can write to the installation directory.
💻 Affected Systems
- EaseUS MobiMover
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full SYSTEM-level privilege escalation leading to complete system compromise, data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, install additional malware, or access protected system resources.
If Mitigated
Limited impact if proper file permissions prevent unauthorized writes to the installation directory and users operate with minimal privileges.
🎯 Exploit Status
Exploitation requires the ability to write files to the MobiMover installation directory, which may be accessible to standard users due to improper permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch is available. Check the EaseUS website for security updates and consider upgrading to the latest version if one is available.
🔧 Temporary Workarounds
Restrict Installation Directory Permissions
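Windows: Modify file permissions on the MobiMover installation directory to prevent standard users from writing files. The command below removes inherited entries and grants full control to Administrators and SYSTEM. Because inherited entries are removed, standard users also lose any inherited read and execute access to the directory. Explicit entries for other principals are not removed by this command, so review the resulting ACL with icacls afterwards.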
icacls "C:\Program Files\EaseUS\MobiMover" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"
Uninstall Vulnerable Version
Windows: Remove the vulnerable version of EaseUS MobiMover from affected systems.
Control Panel > Programs > Uninstall a program > Select EaseUS MobiMover > Uninstall
🧯 If You Can't Patch
- Implement strict file permissions on the MobiMover installation directory to prevent unauthorized writes
- Monitor for suspicious file creation in the MobiMover directory and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check whether EaseUS MobiMover version 6.0.5 Build 21620 is installed and whether the permissions on its installation directory allow standard users to write files.
Check Version:
Check program version in Control Panel > Programs > Programs and Features, or check the About section within the MobiMover application.
Verify Fix Applied:
Verify that file permissions on the MobiMover installation directory prevent standard users from writing files, or confirm the software has been updated to a newer version.
📡 Detection & Monitoring
Log Indicators:
- File creation events in the MobiMover installation directory by non-admin users
- Process creation events showing MobiMover launching unexpected executables
- Privilege escalation attempts from MobiMover processes
Network Indicators:
- Unusual outbound connections from MobiMover processes following privilege escalation
SIEM Query:
EventID=4688 AND (NewProcessName:*MobiMover* OR ParentProcessName:*MobiMover*) AND SubjectUserName!=SYSTEM AND SubjectUserName!=Administrator