Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SUPREMO 4.1.3.2348 Privilege Escalation Vulnerability

🗓️ 24 Dec 2020 00:00:00Reported by Victor GilType 
zdt
 zdt🔗 0day.today👁 78 Views

SUPREMO 4.1.3.2348 Privilege Escalation Vulnerability, allows local system access and potential privilege escalation

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2020-25106
22 Dec 202020:53
circl
CNNVD		Nanosystems Supremo 代码问题漏洞
22 Dec 202000:00
cnnvd
CNVD		Nanosystems Supremo Access Control Error Vulnerability
23 Dec 202000:00
cnvd
CVE		CVE-2020-25106
22 Dec 202017:54
cve
Cvelist		CVE-2020-25106
22 Dec 202017:54
cvelist
EUVD		EUVD-2020-17797
7 Oct 202500:30
euvd
NVD		CVE-2020-25106
22 Dec 202018:15
nvd
Packet Storm		SUPREMO 4.1.3.2348 Privilege Escalation
22 Dec 202000:00
packetstorm
Prion		Design/Logic Flaw
22 Dec 202018:15
prion
RedhatCVE		CVE-2020-25106
22 May 202517:54
redhatcve
Rows per page
Details
=======

Subject:  Local Privilege Escalation
Product: SUPREMO by Nanosystems S.r.l.
Vendor Homepage: https://www.supremocontrol.com/
Vendor Status: fixed version released
Vulnerable Version: 4.1.3.2348 (No other version was tested, but it is
believed for the older versions to be also vulnerable.)
Fixed Version: 4.2.0.2423
CVE Number: CVE-2020-25106
CVE URL:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25106
Authors:  Victor Gil (A2SECURE) Adan Alvarez (A2SECURE)

Vulnerability Description
=======

Allows attackers to obtain LocalSystem access because when running as a
service File Manager allows modifying files with system privileges. This
can be used by an adversary to, for example, rename Supremo.exe and then
upload a trojan horse with the Supremo.exe filename.

Proof of Concept
================

To exploit this vulnerability Supremo should be running as a service. Then
follow the following steps:

  - Connect to Supremo from a different machine.
  - Open File manager.
  - Go to the directory where the Supremo executable is located.
  - Modify the name of the executable.
  - Upload a malicious executable and rename it to Supremo.exe
  - Close supremo.

After these steps, as supremo is running as a service, the service
executes, as System, the executable allowing an attacker to elevate
privileges to System.

Fix
===

The vendor provides an updated version (4.2.0.2423)

 Timeline
========

2020-07-13 Disclosed to Vendor
2020-10-19 Vendor releases the final patch
2020-12-21 Advisory released

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Dec 2020 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 29.3
CVSS 3.17.8
EPSS0.0024
supremonanosystems s.r.l.local privilege escalationvulnerabilityfixed versioncve-2020-25106a2secureservicefile managerpatchadvisory
78