s          ..                                 
    :8    < .z@8"`        ..                       
   .88     !@88E         @L             u.    u.   
  :888ooo  '888E   u    9888i   .dL   x@88k u@88c. 
-*8888888   888E u@8NL  `Y888k:*888. ^"8888""8888" 
  8888      888E`"88*"    888E  888I   8888  888R  
  8888      888E .dN.     888E  888I   8888  888R  
  8888      888E~8888     888E  888I   8888  888R  
 .8888Lu=   888E '888&    888E  888I   8888  888R  
 ^%888*     888E  9888.  x888N><888'  "*88*" 8888" 
   'Y"    '"888*" 4888"   "88"  888     ""   'Y"   
             ""    ""           88F                
                               98"                 
                             ./"                   
                            ~`                     
Musings from a mediocre hacker

Zoho Quick Assist Arbitrary File Delete to SYSTEM

https://youtu.be/OtG5gkOxDDc

Overview

A critical vulnerability exists in Zoho Quick Assist, remote desktop support software that allows technicians to view, control, and troubleshoot end-user devices. The main application runs with user privileges, but it includes background processes that run with elevated permissions to facilitate system-level operations. When the “Send Logs” function is used from the system tray icon, the service fails to properly validate and sanitize user-controlled file paths in its recursive delete operations. This allows an unprivileged local attacker to delete arbitrary files or directories on the system, potentially leading to loss of system integrity, denial of service, or Local Privilege Escalation (LPE) through tampering with security-critical files.
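The post does not include the affected code, so the following is an added illustration (not Zoho's code and not part of the original write-up) of the validation the overview describes as missing from a privileged recursive delete. It is portable Python rather than Windows service code; `resolve_inside`, `safe_rmtree`, `UnsafePathError`, the `logs` root and the sample tree are all assumptions made for the example.

```python
import os
import tempfile

class UnsafePathError(Exception):
    """The delete target resolves outside the directory the service owns."""

def resolve_inside(allowed_root, requested):
    """Canonicalize a user-supplied path and require it to stay under allowed_root."""
    root = os.path.realpath(allowed_root)
    target = os.path.realpath(os.path.join(root, requested))
    # Trailing separator makes this a whole-component check: "logs_evil" is not under "logs".
    if not os.path.normcase(target).startswith(os.path.normcase(root) + os.sep):
        raise UnsafePathError(f"refusing to delete {requested!r}")
    return target

def safe_rmtree(allowed_root, requested):
    """Recursive delete that removes links instead of following them; returns entries removed."""
    target = resolve_inside(allowed_root, requested)
    removed = 1  # counts the target itself
    if os.path.isdir(target):
        for entry in list(os.scandir(target)):
            if entry.is_dir(follow_symlinks=False):
                removed += safe_rmtree(allowed_root, entry.path)  # re-validated on each level
            else:
                os.unlink(entry.path)  # regular file, or a link: only the link is removed
                removed += 1
        os.rmdir(target)
    else:
        os.unlink(target)
    return removed

def demo():
    """Constructed tree: logs/session holds a log file and a link to a protected directory."""
    base = tempfile.mkdtemp()
    logs, protected = os.path.join(base, "logs"), os.path.join(base, "protected")
    os.makedirs(os.path.join(logs, "session"))
    os.makedirs(protected)
    secret = os.path.join(protected, "config.dat")
    for path in (secret, os.path.join(logs, "session", "assist.log")):
        open(path, "w").close()
    os.symlink(protected, os.path.join(logs, "session", "link"), target_is_directory=True)
    removed = safe_rmtree(logs, "session")  # expected to remove 3 entries
    try:
        safe_rmtree(logs, os.path.join("..", "protected"))
        rejected = False
    except UnsafePathError:
        rejected = True
    return removed, os.path.exists(secret), rejected
```

A path check on its own still leaves a window between validation and deletion when an unprivileged user can modify the tree being cleaned up. Performing the cleanup with the requesting user's privileges instead of the service's removes the gap the check is trying to guard.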

I was added to the Zoho hall of fame for this discovery: https://www.zoho.com/security/hall-of-fame/

https://www.zoho.com/assist/


Additional Info:


Thomas Keefer added to HoF