Arn Vollebregt

**Name of the Vulnerable Software and Affected Versions** CloudCTI HIP Integrator Recognition Configuration Tool (affected versions not specified) **Description** The issue concerns a privilege escalation vulnerability. It involves the CloudCTI HIP Integrator Recognition Configuration Tool, which uses an insecure communication channel (Named Pipe) to communicate with the Recognition Update Client Service. This service imports data from CRM software using plugins, including the DatasourceExquiseExporter.dll plugin for EXQUISE software. The vulnerability allows a lower-privileged user to execute arbitrary programs, including batch files, with elevated privileges (NT AUTHORITYSYSTEM) by manipulating the plugin to start these programs. This is possible because a higher-privileged process executes scripts from a directory that is writable by a lower-privileged user. **Recommendations** As a temporary workaround, consider restricting access to the directory where the scripts are executed to prevent lower-privileged users from manipulating the files. Additionally, restrict the use of the DatasourceExquiseExporter.dll plugin until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.