CVE-2019-17202

Name of the Vulnerable Software and Affected Versions FastTrack Admin By Request version 6.1.0.0

Description The issue concerns the elevation of privileges to Administrator level. Normally, group policies restrict this ability to a select range of users. However, when a user without direct access to elevation through group policies attempts to elevate privileges, they are prompted for a PIN code in a challenge-response manner. The response to the challenge can be easily emulated using a simple algorithm and data available to all users, such as the customer ID and device name. This allows any user to elevate to Administrator privilege.

Recommendations For FastTrack Admin By Request version 6.1.0.0, consider disabling the elevation feature until a patch is available to prevent unauthorized privilege escalation. Restrict access to sensitive data, such as customer ID and device name, to minimize the risk of exploitation. As a temporary workaround, limit the use of group policies to only necessary users to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.