CVE-2019-17202

23.01.2020, 15:15

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	8.2 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:N/S:C/UI:R
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Vendor	Product	Version
fasttracksoftware	admin_by_request	𝑥 < 6.2.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://improsec.com/en/responsible-disclosure

https://www.adminbyrequest.com/en/releasenotes

https://improsec.com/en/responsible-disclosure

https://www.adminbyrequest.com/en/releasenotes