PT-2021-21622 · Unknown · Mysqld.Exe+1

Published: 2021-10-26 · Updated: 2021-10-29 · CVE-2021-37363

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Gestionale Open version 11.00.00

Description

An insecure permissions issue allows a low-privilege account to rename the mysqld.exe file located in the bin folder and replace it with a malicious file. Because the service runs as Local System, this malicious file could connect back to an attacking computer and give system-level privileges. Although a low-privilege user cannot restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.

Recommendations

For Gestionale Open version 11.00.00, consider restricting access to the bin folder to prevent low-privilege accounts from renaming or replacing the mysqld.exe file until a patch is available. As a temporary workaround, monitor system restarts and service executions closely to detect potential malicious activity. Additionally, review and rectify any unquoted service path issues to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
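
The checks recommended above, as an added PowerShell example (not code from this advisory or from the vendor): a read-only audit that lists services whose executable or containing folder is modifiable by broad groups, or whose path is unquoted and contains spaces. The SID list standing in for "low privilege account" and the helper name Get-WeakAce are assumptions.

```powershell
# Added audit example: read-only, changes no ACLs or service settings.
# Assumption: these well-known SIDs stand in for "low privilege account".
$BroadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-4',       # INTERACTIVE
    'S-1-5-32-545'   # BUILTIN\Users
)
# Rights that allow renaming, deleting or overwriting a file, or re-granting access.
$Risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$RiskyMask = [int]$Risky -bor 0x50000000   # plus GENERIC_WRITE and GENERIC_ALL

function Get-WeakAce {   # hypothetical helper name
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return }
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $BroadSids -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $RiskyMask) -ne 0
        }
}

Get-CimInstance Win32_Service | Where-Object PathName | ForEach-Object {
    $raw = $_.PathName.Trim()
    # Quoted form: "C:\dir\app.exe" args. Otherwise take everything up to the first .exe.
    if ($raw -match '^"([^"]+)"')            { $exe = $Matches[1]; $quoted = $true }
    elseif ($raw -match '^(.+?\.exe)(\s|$)') { $exe = $Matches[1]; $quoted = $false }
    else { return }
    $findings = @()
    if (-not $quoted -and $exe -match '\s') { $findings += 'unquoted path containing spaces' }
    # Check both the binary and its folder: a rename needs rights on either one.
    foreach ($target in @($exe, (Split-Path -Path $exe -Parent))) {
        foreach ($ace in @(Get-WeakAce -Path $target)) {
            $who = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount])
            $findings += '{0}: {1} has {2}' -f $target, $who, $ace.FileSystemRights
        }
    }
    if ($findings) {
        [pscustomobject]@{ Service = $_.Name; RunsAs = $_.StartName; Findings = $findings -join '; ' }
    }
}
```

Rows where RunsAs is LocalSystem and the finding names the service executable or its folder match the condition described in this entry.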

Exploit

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2021-37363

Affected Products

Gestionale Open
Mysqld.Exe