PT-2022-17104 · Itarian · Itarian

Frank Breedijk +5 · Published 2022-06-08 · Updated 2022-06-16 · CVE-2022-25152

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ITarian platform versions prior to 6.35.37347.20040

Description: The ITarian platform has a vulnerability in its approval process for procedures. A malicious actor holding a valid session token can create a procedure, bypass the approval step, and execute it. This results in arbitrary code execution and full system take-over on all agents.

Recommendations: For versions prior to 6.35.37347.20040, update to version 6.35.37347.20040 or later to resolve the issue. As a temporary workaround, restrict access to the procedure function to minimize the risk of exploitation, and limit valid session tokens to the users who actually need them to reduce the attack surface.

Weakness Enumeration

Improperly Implemented Security Check for Standard

Related Identifiers

CVE-2022-25152

Affected Products

Itarian