nssm-2.24 privilege escalation

Nssm-2.24 Privilege Escalation Info


An nssm-2.24 privilege escalation refers to a security scenario where a low-privileged local attacker exploits an improperly secured or misconfigured deployment of the Non-Sucking Service Manager (NSSM) version 2.24 to elevate their system permissions to administrative or SYSTEM-level rights.

This vulnerability affects versions 21.0.0 through 23.0.18. The flaw allows any authenticated local user to replace the nssm.exe service executable with any executable, because all files in the install directory inherit overly permissive NTFS permissions. A subsequent service or server restart then runs the substituted binary with Administrator privileges.
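To check a host for the weak-ACL condition described above, the following PowerShell audit (an added example, not code from the original page or from the NSSM project) lists every service whose executable is nssm.exe and reports any allow ACE on that file or its install directory that grants write-type rights to a broad group. The set of SIDs treated as low-privileged and the function name `Get-WeakAce` are assumptions of this example.

```powershell
# Added example: audit nssm.exe-backed services for writable binaries/directories.
# Assumption: these well-known SIDs are the low-privileged principals to flag.
$lowPrivSids = @(
    'S-1-1-0',        # Everyone
    'S-1-5-11',       # Authenticated Users
    'S-1-5-32-545',   # BUILTIN\Users
    'S-1-5-4'         # INTERACTIVE
)

# Only the bits that allow replacing or modifying a file (not read/execute).
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Get-WeakAce {
    param([string]$Path)
    # Ask for SIDs directly so the check does not depend on localized group names.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPrivSids -contains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $writeBits)
    }
}

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    # PathName may be quoted and may carry arguments; keep the path up to the first ".exe".
    if ($svc.PathName -match '^\s*"?(.+?\.exe)') {
        $exe = $Matches[1]
        if ((Split-Path $exe -Leaf) -eq 'nssm.exe' -and (Test-Path -LiteralPath $exe)) {
            # A writable directory is as bad as a writable file: the binary can be swapped.
            foreach ($target in $exe, (Split-Path $exe -Parent)) {
                foreach ($ace in Get-WeakAce -Path $target) {
                    [pscustomobject]@{
                        Service   = $svc.Name
                        RunsAs    = $svc.StartName
                        Target    = $target
                        Sid       = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
    }
}
```

Any row in the output means the service account in `RunsAs` will execute whatever a member of that group places at `Target`; rows with `Inherited` set to true point at the parent directory's ACL as the thing to fix.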

Proofs-of-concept and tooling
