CVE-2023-27310

Name of the Vulnerable Software and Affected Versions RUGGEDCOM CROSSBOW versions prior to V5.2

Description A vulnerability has been identified in the client query handler of the affected application, which fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts, potentially allowing the attacker to elevate their privileges by adding user accounts to administrative groups.

Recommendations For versions prior to V5.2, update to version V5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the client query handler to minimize the risk of exploitation. Additionally, restrict the ability to assign administrative groups to user accounts until the issue is resolved.