CVE-2024-58288
📋 TL;DR
CVE-2024-58288 is an unquoted service path vulnerability in Genexus Protection Server 9.7.2.10 that allows local attackers to escalate privileges to LocalSystem by placing malicious executables in specific file system locations. This affects Windows systems running the vulnerable version of Genexus Protection Server.
💻 Affected Systems
- Genexus Protection Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary code execution with LocalSystem privileges, enabling complete control over the Windows host.
Likely Case
Local privilege escalation allowing attackers to gain SYSTEM-level access on compromised machines.
If Mitigated
Limited impact if proper file system permissions restrict write access to vulnerable directories.
🎯 Exploit Status
Exploit requires local access to the system. Public exploit code exists on Exploit-DB (ID 52065).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.genexus.com/en/developers/downloadcenter?data=;;
Restart Required: Yes
Instructions:
1. Check the Genexus website for an updated version.
2. Install the updated version if available.
3. Restart the protsrvservice service.
🔧 Temporary Workarounds
Quote Service Path
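(Windows) Modify the Windows service configuration to use quoted paths for the binary executable. Run the command from an elevated cmd.exe prompt. The inner quotes must be escaped; otherwise sc strips them and the stored path remains unquoted.
sc config protsrvservice binPath= "\"C:\Program Files\Genexus\Protection Server\protsrvservice.exe\""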
Restrict Directory Permissions
(Windows) Apply strict file system permissions to prevent unauthorized users from writing to vulnerable directories.
icacls "C:\Program Files\Genexus" /deny Users:(OI)(CI)W
🧯 If You Can't Patch
- Apply strict file system permissions to the Genexus installation directory and parent directories.
- Monitor for unauthorized service modifications and file creation in Genexus directories.
🔍 How to Verify
Check if Vulnerable:
Check if Genexus Protection Server 9.7.2.10 is installed and examine the protsrvservice configuration for unquoted paths using: sc qc protsrvservice
Check Version:
Check installed version through Genexus Protection Server interface or installation directory properties.
Verify Fix Applied:
Verify the service path is quoted and proper file permissions are applied using: sc qc protsrvservice and icacls "C:\Program Files\Genexus"
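The check above can be scripted across every service on a host. The following PowerShell is an added example, not a script from the vendor or from this advisory; the function name Test-UnquotedServicePath and the sample strings are assumptions made for illustration, and only the service name protsrvservice and its path come from this page.

```powershell
# Added example: flag services whose executable path is unquoted and contains a space.
function Test-UnquotedServicePath {
    param([string]$PathName)

    $p = "$PathName".Trim()
    if (-not $p) { return $false }               # no path recorded
    if ($p.StartsWith('"')) { return $false }    # already quoted

    # Treat everything up to the first ".exe" as the executable path;
    # whatever follows is arguments (-match is case-insensitive).
    if ($p -notmatch '^(.*?\.exe)') { return $false }
    return $Matches[1].Contains(' ')
}

# Constructed sample values to sanity-check the function offline.
$samples = @(
    'C:\Program Files\Genexus\Protection Server\protsrvservice.exe',    # flagged
    '"C:\Program Files\Genexus\Protection Server\protsrvservice.exe"',  # quoted, not flagged
    'C:\Windows\system32\svchost.exe -k netsvcs'                        # space only in arguments
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live audit: every service on this host with an unquoted path containing a space.
Get-CimInstance Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, StartName, StartMode, PathName |
    Format-Table -AutoSize -Wrap

# The service named in this advisory, before and after applying the workaround.
Get-CimInstance Win32_Service -Filter "Name='protsrvservice'" |
    Select-Object Name, PathName,
        @{ Name = 'Unquoted'; Expression = { Test-UnquotedServicePath $_.PathName } }
```

After the workaround is applied, the Unquoted column for protsrvservice should read False and PathName should begin with a double quote.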
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing service configuration changes
- File creation events in Genexus directories
- Process creation from unexpected locations in Genexus paths
Network Indicators:
- No network indicators - local privilege escalation only
SIEM Query:
EventID=7045 OR (EventID=4688 AND NewProcessName contains "Genexus")