NSSM 2.24 Privilege Escalation

To prevent your NSSM installation from becoming a gateway for attackers, follow these security best practices:

1. Audit File System Permissions

Attack Vector: Local (requires existing command-line or shell access to the host).

The 2.24 version is outdated, and the primary recommendation from the NSSM developers is to upgrade to the 2.25 pre-release builds, which address several bugs, including those related to service handling and stability.

The vulnerability in NSSM 2.24 subverts this logic not by breaking the Windows security model, but by mishandling how the service binary executes after installation.

If a service is installed with a path like C:\Program Files\My App\nssm.exe, and it is not properly quoted, Windows attempts to execute the path in the following order:

1. C:\Program.exe (with args: Files\My App\nssm.exe)
2. C:\Program Files\My.exe (with args: App\nssm.exe)
3. C:\Program Files\My App\nssm.exe
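The resolution order above can be turned into an audit check. This is an added example, not code from the original page or from NSSM; the service names and ImagePath values are constructed, and treating the first space-delimited prefix ending in .exe as the intended binary is an assumption.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample: service name -> ImagePath value (not taken from a real host).
SAMPLE_SERVICES = {
    "MyApp": r"C:\Program Files\My App\nssm.exe",
    "MyAppQuoted": r'"C:\Program Files\My App\nssm.exe"',
    "Tools": r"C:\Tools\nssm.exe run",
}


def resolution_order(image_path):
    """Executables Windows tries, in order, for one service ImagePath."""
    path = image_path.strip()
    if path.startswith('"'):
        # Quoted: the executable is exactly the text between the quotes.
        return [path[1:].split('"', 1)[0]]
    tried = []
    tokens = path.split(" ")
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            tried.append(prefix)  # assumed to be the intended binary
            break                 # remaining tokens are its arguments
        tried.append(prefix + ".exe")
    return tried


def unintended_candidates(image_path):
    """Candidates tried before the intended binary (empty when path is safe)."""
    return resolution_order(image_path)[:-1]


def audit(services):
    """Map each at-risk service to the directories whose ACLs need review."""
    findings = {}
    for name, image_path in services.items():
        extra = unintended_candidates(image_path)
        if extra:
            dirs = sorted({ntpath.dirname(c) for c in extra})
            findings[name] = {"candidates": extra, "review_dirs": dirs}
    return findings


if __name__ == "__main__":
    for name, info in audit(SAMPLE_SERVICES).items():
        print(name, info)
```

On a real host, feed it the ImagePath values of your services, quote every flagged path, and confirm that none of the listed directories is writable by standard users.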

: If a service created by NSSM has a path containing spaces and is not enclosed in quotation marks (e.g., C:\Program Files\My Service\nssm.exe

: Exploiting the weak permissions, the attacker overwrites the legitimate nssm.exe binary with a malicious executable of their choosing. This is the critical step—the permissions flaw allows file modification without requiring administrative privileges.

Non-Sucking Service Manager (NSSM) version 2.24 does not have a unique, built-in "exploit" or CVE inherent to its code. Instead, privilege escalation involving NSSM almost always stems from insecure deployment configurations

CVE-2024-51448 documents this exact behavior in IBM Robotic Process Automation. All files in the install inherited the file permissions of the parent directory, allowing a non-privileged user to substitute any executable for the nssm.exe service. A subsequent service restart would then execute the attacker's binary with administrator privileges, granting immediate escalation.

| Metric | Value |
|--------|-------|
| Attack Vector | Local (AV:L) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | Low (PR:L) |
| User Interaction | None (UI:N) |
| Confidentiality Impact | High (C:H) |
| Integrity Impact | High (I:H) |
| Availability Impact | High (A:H) |

Never store service executables in folders where standard users have write access.