what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SUPREMO 4.1.3.2348 Privilege Escalation

SUPREMO 4.1.3.2348 Privilege Escalation
Posted Dec 22, 2020
Authored by Victor Gil, Adan Alvarez

SUPREMO version 4.1.3.2348 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2020-25106
SHA-256 | 692dd2b65bb1ca8014e4882531d9b3a1667493ce70b79b16343b0b5167f5bd2f

SUPREMO 4.1.3.2348 Privilege Escalation

Change Mirror Download
Details
=======

Subject: Local Privilege Escalation
Product: SUPREMO by Nanosystems S.r.l.
Vendor Homepage: https://www.supremocontrol.com/
Vendor Status: fixed version released
Vulnerable Version: 4.1.3.2348 (No other version was tested, but it is
believed for the older versions to be also vulnerable.)
Fixed Version: 4.2.0.2423
CVE Number: CVE-2020-25106
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25106
Authors: Victor Gil (A2SECURE) Adan Alvarez (A2SECURE)

Vulnerability Description
=======

Allows attackers to obtain LocalSystem access because when running as a
service File Manager allows modifying files with system privileges. This
can be used by an adversary to, for example, rename Supremo.exe and then
upload a trojan horse with the Supremo.exe filename.

Proof of Concept
================

To exploit this vulnerability Supremo should be running as a service. Then
follow the following steps:

- Connect to Supremo from a different machine.
- Open File manager.
- Go to the directory where the Supremo executable is located.
- Modify the name of the executable.
- Upload a malicious executable and rename it to Supremo.exe
- Close supremo.

After these steps, as supremo is running as a service, the service
executes, as System, the executable allowing an attacker to elevate
privileges to System.

Fix
===

The vendor provides an updated version (4.2.0.2423)

Timeline
========

2020-07-13 Disclosed to Vendor
2020-10-19 Vendor releases the final patch
2020-12-21 Advisory released

--
*Adan Álvarez*

Security Consultant

+34 933 945 600
aalvarez@a2secure.com

--


*A2secure*

QSA auditors - Pentesting - Security Consultancy - Forensic
Analysis - PCI Consultancy - Malware Analysis - Incident Response -
Security Office - Security Training - Employee Security Awareness


Este
mensaje de correo electrónico y sus archivos adjuntos son confidenciales y
están legalmente protegidos. Se dirige exclusivamente al destinatario o
destinatarios. No está autorizado el acceso a este mensaje por otras
personas. Si Vd. no es la persona a la que va dirigido este email,
cualquier uso está prohibido y es ilegal. Asímismo, de acuerdo al
Reglamento EU 2016/679 sobre Protección de Datos Personales, le informamos
que su dirección e-mail forma parte de los ficheros de las empresas de
A2secure, S.L. (A2SECURE) con CIF: B65040107, porque en su momento nos
autorizó el tratamiento para mantener una relación comercial y/o
informativa de nuestros productos y servicios; Usted puede ejercer en
cualquier momento sus derechos de acceso, rectificación, supresión,
limitación y oposición dirigiéndose por escrito a Avda. Francesc Cambo 21,
10, 08003 Barcelona. Tel.: +34 93 3945600, Email: arco@a2secure.com
<mailto:arco@a2secure.com>. Si ha recibido este mensaje por error, por
favor, destrúyalo y notifíquelo. Gracias.



This message and its annexed
files may contain confidential information which is exclusively for the use
of the addressee. Access to this message by other people is not authorized.
If you are not the person to whom it is addressed, any use, treatment,
information, copy or distribution and any action or omission based on the
information contained in this message are strictly forbidden and illegal.
According to Regulation EU 2016/679 on Protection of Personal Data, we
inform you that your e-mail address is part of the files of the companies
of A2secure, S.L. (A2SECURE) with CIF: B65040107, because at some moment
you authorized us the treatment to maintain a commercial and / or
informative relationship of our products and services; You can exercise
your rights of access, rectification, erasure, restriction and object at
any time by writing to Avda. Francesc Cambo 21, 10, 08003 Barcelona. Tel .:
+34 93 3945600, Email: arco@a2secure.com <mailto:arco@a2secure.com>. If you
have received this message by mistake, please destroy it and notify it.
Thank you.


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close