CVE-2019-17201

{"id": "CVE-2019-17201", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.0, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-01-23T15:15:13.303", "references": [{"url": "https://improsec.com/en/responsible-disclosure", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.adminbyrequest.com/en/releasenotes", "source": "cve@mitre.org"}, {"url": "https://improsec.com/en/responsible-disclosure", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.adminbyrequest.com/en/releasenotes", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions."}, {"lang": "es", "value": "FastTrack Admin By Request versi\u00f3n 6.1.0.0, admite pol\u00edticas de grupo que se supone permiten solo a un rango selecto de usuarios ascender a privilegios de Administrador a voluntad. Cuando un usuario solicita elevaci\u00f3n utilizando la interfaz AdminByRequest.exe, la interfaz se comunica con el servicio subyacente (Audckq32.exe) mediante una tuber\u00eda con nombre .NET. Si el servicio subyacente responde que un usuario tiene acceso a la funcionalidad de elevaci\u00f3n, el cliente reinicia la comunicaci\u00f3n con el servicio subyacente y solicita la elevaci\u00f3n. Esta petici\u00f3n de elevaci\u00f3n no tiene comprobaciones locales en el servicio y depende de la validaci\u00f3n del lado del cliente en la interfaz AdminByRequest.exe, es decir, es una funcionalidad expuesta vulnerable en el servicio. Mediante la comunicaci\u00f3n directamente con el servicio subyacente, cualquier usuario puede solicitar la elevaci\u00f3n y obtener privilegios de Administrador independientemente de las pol\u00edticas o permisos de grupo."}], "lastModified": "2024-11-21T04:31:50.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fasttracksoftware:admin_by_request:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3849ACED-A50C-45BA-AC95-C9F894296566", "versionEndExcluding": "6.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}