Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw

Better update if you leave your laptop unattended in public...

Network scientists

Telco EE's Mini Wi-Fi modem needs to be updated with a recently issued patch.

A local privilege escalation vulnerability in the Alcatel-manufactured tech, discovered by ZeroDayLab, could be used to plant malware or steal info from Windows computers that use the kit for internet connectivity, the researchers warned.

This vulnerability can be used to escalate privileges in a Windows operating system locally. For example, an attacker can plant a reverse shell from a low-privileged user account and by restarting the computer, the malicious service will be started as "NT AUTHORITY\SYSTEM" by giving the attacker full system access to the remote PC.

The bug was uncovered by Osanda Malith Jayathissa, a security consultant at ZeroDayLab, and reported to EE in July. EE worked with Jayathissa and Alcatel to develop a patch, which was rolled out earlier this month. This cleared the way for ZeroDayLab to go public about the problem responsibly.

"This vulnerability can be used to escalate system privileges on any Windows machine locally," Jayathissa confirmed to El Reg.

The kit's software needs updating to "EE40_00_02.00_45" and previous vulnerable versions should be removed, as described in an advisory by ZeroDayLab here.

In response to queries from El Reg, EE confirmed it had resolved what it characterised as a minor security issue with a patch. It nonetheless thanked Jayathissa for his efforts.

EE said the attacker would have needed physical access to a Wi-Fi modem that had been plugged directly into the laptop or PC via USB and left unattended or unlocked. This sort of scenario could happen in trains, shared office spaces and cafes so it isn't implausible, just clearly not super critical.

Jayathissa added that other vendors using the same kit might also be vulnerable. The possibility of wider exposure has not been tested and remains unconfirmed.

El Reg flagged up the issue with Alcatel, but we're yet to hear back. ®




Biting the hand that feeds IT © 1998–2018