Amica Prodigy 1.7 Privilege Escalation

2021.08.07
Credit: Andrea Intilangelo
Risk: Medium
Local: Yes
Remote: No
CVE: CVE-2021-35312
CWE: CWE-264


Ogólna skala CVSS: 7.2/10
Znaczenie: 10/10
Łatwość wykorzystania: 3.9/10
Wymagany dostęp: Lokalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Pełny
Wpływ na integralność: Pełny
Wpływ na dostępność: Pełny

# Exploit Title: Amica Prodigy 1.7 - Privilege Escalation # Date: 2021-08-06 # Exploit Author: Andrea Intilangelo # Vendor Homepage: https://gestionaleamica.com - https://www.bisanziosoftware.com # Software Link: https://gestionaleamica.com/Download/AmicaProdigySetup.exe # Version: 1.7 # Tested on: Windows 10 Pro 20H2 x64 # CVE: CVE-2021-35312 Amica Prodigy it's a backup solution from Amica softwares (GestionaleAmica: invoices, accounting, etc., from website gestionaleamica.com), a CIR 2000 srl / Bisanzio Software srl A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges at scheduled time. C:\Users\user>icacls C:\AmicaProdigy\RemoteBackup.Service.exe C:\AmicaProdigy\RemoteBackup.Service.exe NT AUTHORITY\Authenticated Users:(I)(M) NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Users:(I)(RX) Elaborazione completata per 1 file.


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top