Amica Prodigy 1.7 – Privilege Escalation

• Exploit Database
• 35 阅读

• 作者： Andrea Intilangelo
  日期： 2021-08-10
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/50184/

• # Exploit Title: Amica Prodigy 1.7 - Privilege Escalation
  # Date: 2021-08-06
  # Exploit Author: Andrea Intilangelo
  # Vendor Homepage: https://gestionaleamica.com - https://www.bisanziosoftware.com
  # Software Link: https://gestionaleamica.com/Download/AmicaProdigySetup.exe
  # Version: 1.7
  # Tested on: Windows 10 Pro 20H2 x64
  # CVE: CVE-2021-35312
  
  Amica Prodigy it's a backup solution from Amica softwares (GestionaleAmica: invoices, accounting, etc.,
  from website gestionaleamica.com), a CIR 2000 srl / Bisanzio Software srl
  
  A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable
  "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it
  with a malicious file that will be executed with "LocalSystem" privileges at scheduled time.
  
  C:\Users\user>icacls C:\AmicaProdigy\RemoteBackup.Service.exe
  
  C:\AmicaProdigy\RemoteBackup.Service.exe
  					NT AUTHORITY\Authenticated Users:(I)(M) NT
  					AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F)
  					BUILTIN\Users:(I)(RX) Elaborazione completata per 1 file.