Vendor: RDPGuard
By: Ahmet Ümit BAYRAM
CVSS: 6.1 (HIGH)
Privilege Escalation
CWE: 269
Product Name: RDPGuard
Affected Version From: 9.9.2009
Affected Version To: 9.9.2009
Patch Exists: NO
Related CWE:
CPE: rdpguard:rdpguard:9.9.9
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 (32bit)
2025

RDPGuard 9.9.9 – Privilege Escalation

RDPGuard 9.9.9 allows privilege escalation by executing arbitrary code via a crafted .bat file in the Tools > Custom Actions / Notifications menu, leading to a reverse shell as NT AUTHORITY\SYSTEM.

Mitigation:

Avoid executing unknown or untrusted .bat files within RDPGuard to prevent privilege escalation.

Exploit-DB raw data:

# Exploit Title: RDPGuard 9.9.9 - Privilege Escalation
# Discovered by: Ahmet Ümit BAYRAM
# Discovered Date: 09.05.2025
# Vendor Homepage: https://rdpguard.com
# Software Link: https://rdpguard.com/download.aspx
# Tested Version: 9.9.9 (latest)
# Tested on: Windows 10 (32bit)

# # # Steps to Reproduce # # #

# 1. Prepare a .bat file containing your reverse shell code.
# 2. Open RDPGuard.
# 3. Navigate to Tools > Custom Actions / Notifications.
# 4. Click the "Add" button.
# 5. Leave "Event" as "IP Blocked".
# 6. Select "Execute Program" from the "Action" dropdown.
# 7. Under the "Program/script" field, select your prepared .bat file.
# 8. Set up your listener.
# 9. Click "Test Run".
# 10. A reverse shell as NT AUTHORITY\SYSTEM is obtained!
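
Added example, not part of the Exploit-DB entry or of RDPGuard's own code: a detection sketch for the behaviour in the steps above, flagging script hosts launched by the RDPGuard process as NT AUTHORITY\SYSTEM, with an extra reason when the batch file sits in a user-writable path. The process image name, the directory list and the sample events are constructed assumptions; the field names follow Sysmon Event ID 1.

```python
import ntpath
import re

# ASSUMPTION: placeholder image name; replace with the RDPGuard process name
# observed on your own hosts. It is not taken from the advisory.
RDPGUARD_IMAGES = {"rdpguard_process_placeholder.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# Locations a standard user can usually write to (adjust per environment).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SCRIPT_RE = re.compile(r'"([^"]+\.(?:bat|cmd))"|(\S+\.(?:bat|cmd))\b', re.I)

def base(path):
    return ntpath.basename(path.strip('"')).lower()

def script_paths(command_line):
    """Batch-file paths (quoted or bare) named on a command line."""
    return [(q or b).lower() for q, b in SCRIPT_RE.findall(command_line)]

def assess(event):
    """Reasons a Sysmon-style process-creation event deserves review."""
    if (base(event["ParentImage"]) not in RDPGUARD_IMAGES
            or base(event["Image"]) not in SCRIPT_HOSTS):
        return []
    reasons = ["RDPGuard spawned script host " + base(event["Image"])]
    if event["User"].lower() == "nt authority\\system":
        reasons.append("child runs as NT AUTHORITY\\SYSTEM")
    for path in script_paths(event["CommandLine"]):
        if path.startswith(USER_WRITABLE):
            reasons.append("batch file in user-writable path: " + path)
    return reasons

# Constructed sample events, not captured from a real host.
PARENT = r"C:\PLACEHOLDER_DIR\rdpguard_process_placeholder.exe"
SAMPLES = [
    {"ParentImage": PARENT, "Image": r"C:\Windows\System32\cmd.exe",
     "User": r"NT AUTHORITY\SYSTEM",
     "CommandLine": r'cmd.exe /c "C:\Users\bob\Desktop\task.bat"'},
    {"ParentImage": PARENT, "Image": r"C:\Windows\System32\cmd.exe",
     "User": r"NT AUTHORITY\SYSTEM",
     "CommandLine": r"cmd.exe /c D:\AdminScripts\notify.bat"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "User": r"DESKTOP\bob",
     "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(ev["CommandLine"], "->", assess(ev))
```

An event with only the first two reasons is still worth review, because any program the custom action launches inherits SYSTEM; the user-writable path raises priority since a non-admin could have placed or replaced the file.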