CVE-2021-47742
Insecure Permissions in Rocket League <=1.95 Enables Privilege Escalation

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: VulnCheck

Description
Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' (Full) flag for the 'Authenticated Users' group to change executable files and potentially escalate system privileges.
Meta Information
Published: 2025-12-31
Last Modified: 2025-12-31
Generated: 2026-05-07
AI Q&A: 2025-12-31
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
epic_games | psyonix_rocket_league | 1.95
CWE
CWE ID | Description
CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2021-47742 is a vulnerability in Epic Games Psyonix Rocket League versions up to 1.95 where the executable files have insecure permissions. Specifically, the 'Authenticated Users' group is given 'Full' (F) control permissions, allowing any authenticated user to modify the executable files. This misconfiguration enables attackers to replace the legitimate executable with a malicious binary, potentially escalating their system privileges. [2, 3]


How can this vulnerability impact me?

This vulnerability can allow an authenticated user on the system to escalate their privileges by modifying the Rocket League executable file. By replacing the legitimate executable with a malicious one, an attacker can gain higher system privileges than intended, potentially compromising system security and control. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the permissions of the Rocket League executable file to see if the 'Authenticated Users' group has 'Full' (F) control permissions. On Windows systems, you can use the command line to inspect the permissions of the executable file. For example, use the command 'icacls "path\to\RocketLeague.exe"' to view the access control list and verify if 'Authenticated Users' have full control permissions. [2, 3]
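
The icacls check above can be run across a whole install folder with the following audit script. It is an added example, not part of the advisory or any vendor tooling; the default `$InstallDir` is a placeholder, and the script goes slightly beyond the text by flagging any write-equivalent right (not only 'F') on both .exe and .dll files.

```powershell
param(
    # Placeholder path (assumption): point this at the real install folder.
    [string]$InstallDir = 'C:\path\to\rocketleague'
)

# 'Authenticated Users' is the well-known SID S-1-5-11. Matching on the SID
# also works on localized Windows builds where the display name differs.
$authUsersSid = 'S-1-5-11'
$sidType      = [System.Security.Principal.SecurityIdentifier]

# Rights that allow changing or replacing a file, or rewriting its ACL.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership)
# Unmapped generic rights that can appear in an ACE: GENERIC_ALL, GENERIC_WRITE.
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

$files = Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' }

$findings = foreach ($file in $files) {
    $acl = Get-Acl -LiteralPath $file.FullName
    # Request explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow')            { continue }
        if ($rule.IdentityReference.Value -ne $authUsersSid) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }

        [pscustomobject]@{
            Path      = $file.FullName
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No write-equivalent grants to Authenticated Users under $InstallDir"
}
```

Rows with `Inherited = True` get the grant from a parent folder, so the ACL has to be corrected there rather than on the individual file.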


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately remove or restrict the 'Full' (F) control permissions granted to the 'Authenticated Users' group on the Rocket League executable file. Adjust the file permissions to ensure that only trusted users or administrators have write or modify access to the executable. This prevents unauthorized modification of the executable and reduces the risk of privilege escalation. [2, 3]

