CVE-2024-32861
📋 TL;DR
The C•CURE 9000 installer uses overly permissive file permissions during installation, potentially allowing local attackers to modify critical files. This affects organizations using Software House C•CURE 9000 physical security management systems. Attackers could escalate privileges or maintain persistence on compromised systems.
💻 Affected Systems
- Software House C•CURE 9000
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attackers could gain SYSTEM/root privileges, install backdoors, tamper with security configurations, or disable the physical access control system entirely.
Likely Case
Privilege escalation allowing attackers to modify security settings, access sensitive data, or maintain persistence on the system.
If Mitigated
Limited impact if proper access controls, least privilege principles, and network segmentation are implemented.
🎯 Exploit Status
Requires local access to the system. Exploitation involves manipulating installer permissions during or after installation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.10.1
Vendor Advisory: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Restart Required: Yes
Instructions:
1. Download C•CURE 9000 version 3.10.1 from Johnson Controls support portal.
2. Backup current configuration and databases.
3. Run the installer with administrative privileges.
4. Follow upgrade wizard.
5. Restart system when prompted.
🔧 Temporary Workarounds
Restrict installer permissions
Windows: Manually set appropriate file permissions after installation to limit access to critical files.
icacls "C:\Program Files\Software House\C-CURE 9000" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
Implement least privilege
Windows: Ensure C•CURE service accounts run with minimal required privileges, not as SYSTEM or Administrator.
🧯 If You Can't Patch
- Implement strict access controls to limit who can access C•CURE servers and workstations
- Monitor file permission changes and unauthorized access attempts to C•CURE directories
🔍 How to Verify
Check if Vulnerable:
Check C•CURE version in Control Panel > Programs and Features. If version is below 3.10.1, system is vulnerable.
Check Version:
wmic product where "name like '%C-CURE 9000%'" get version
Verify Fix Applied:
Verify version shows 3.10.1 or higher in Control Panel. Check file permissions on C•CURE installation directory.
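One way to carry out the file-permission check on the installation directory, as an added example (not vendor code and not part of the original page). It assumes the install path used in the icacls workaround above and treats SYSTEM, Administrators, TrustedInstaller and CREATOR OWNER as the only principals expected to hold write-type rights; both are assumptions to adjust for your site.

```powershell
# Added example: list Allow ACEs that give write-type rights to unexpected principals.
param(
    # Assumption: path taken from the icacls workaround; change if installed elsewhere.
    [string]$Root = 'C:\Program Files\Software House\C-CURE 9000'
)

# Assumption: principals expected to hold write access (compared by SID, locale independent).
$Trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (placeholder ACE for whoever creates a child object)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Write-type bits only. Modify/FullControl are not listed by name because they also
# contain read bits, which would make every read-only ACE match the mask.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs store generic rights instead: GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
$WriteMask = $WriteMask -bor 0x50000000

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable ACL: skip rather than abort the audit

    # Ask for SIDs directly so unresolvable account names cannot break the comparison.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 }   # non-zero exit lets a scheduled task or CI job flag the host
```

An empty result means no principal outside the trusted list can modify files under the directory; any row with `Inherited` set to `False` is an ACE set explicitly on that object rather than inherited from the parent.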
📡 Detection & Monitoring
Log Indicators:
- Unauthorized file permission changes in Windows Security logs
- Unexpected processes running with SYSTEM privileges
- Failed access attempts to C•CURE directories
Network Indicators:
- Unusual authentication patterns to C•CURE servers
- Unexpected remote access to C•CURE management interfaces
SIEM Query:
EventID=4672 OR (EventID=4656 AND (ObjectName contains "C-CURE" OR ObjectName contains "Software House"))