PT-2021-11151 · Unknown · Sapphireims

Tanoy Bose

Published

2021-08-11

Updated

2022-07-12

CVE-2020-25564

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SapphireIMS version 5.0

Description: The issue allows an attacker to create a local administrator on any client using the credentials of a non-privileged user. This is achieved by directly accessing the RemoteMgmtTaskSave feature, which is part of the Automation Tasks.

Recommendations: For SapphireIMS version 5.0, consider disabling direct access to the RemoteMgmtTaskSave feature until a patch is available. Restrict the use of Automation Tasks to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2020-25564

Affected Products

Sapphireims

PT-2021-11151 · Unknown · Sapphireims

CVE-2020-25564

Weakness Enumeration

Related Identifiers

Affected Products

References · 6