CVE-2020-25106

Name of the Vulnerable Software and Affected Versions Nanosystems SupRemo version 4.1.3.2348

Description The issue allows attackers to obtain LocalSystem access. This is possible because the File Manager can be used to rename Supremo.exe, and then a Trojan horse can be uploaded with the Supremo.exe filename.

Recommendations For version 4.1.3.2348, consider restricting access to the File Manager to prevent renaming of the Supremo.exe file until a patch is available. As a temporary workaround, monitor file uploads closely to detect and prevent potential Trojan horse uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.