CVE-2019-17201

Published: Jan 23, 2020

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

9.0

CRITICAL

Description

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:N/S:C/UI:N

Attack Complexity

Low

Attack Vector

Local

Availability

None

Confidentiality

High

Integrity

High

Privileges Required

None

Scope

Changed

User Interaction

None

References

https://improsec.com/en/responsible-disclosure

https://www.adminbyrequest.com/en/releasenotes

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-17201

Description

Affected Products

CVSS v3.0 Details

References