CVE-2022-50690
Local Privilege Escalation in Wondershare MirrorGo via File Permission Flaw
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wondershare | mirrorgo | 2.0.11.346 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Wondershare MirrorGo 2.0.11.346 is a local privilege escalation issue caused by incorrect file permissions on executable files. Specifically, unprivileged local users can replace the ElevationService.exe file, which runs with LocalSystem privileges, with a malicious executable. This allows them to execute arbitrary code with the highest system privileges, effectively escalating their access rights on the affected system. [1, 3]
How can this vulnerability impact me? :
Exploiting this vulnerability allows an attacker with local access to escalate their privileges to LocalSystem level, which is the highest privilege on a Windows system. This means they can execute arbitrary code with full control over the system, potentially leading to complete system compromise, unauthorized access to sensitive data, and disruption of system availability. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the file permissions of the executable files in the Wondershare MirrorGo installation directory, especially ElevationService.exe. On a Windows system, use the command: icacls "C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ElevationService.exe" to view the permissions. If the permissions grant full control to the "Everyone" group or other unprivileged users, the system is vulnerable. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting the file permissions on the affected executables, particularly ElevationService.exe, to prevent unprivileged users from modifying them. This can be done by removing full control permissions from the "Everyone" group and ensuring only trusted administrators have write access. Additionally, consider stopping and disabling the ElevationService service until a patched version is available. [1, 3]