header-logo
Suggest Exploit
vendor:
Amica Prodigy
by:
Andrea Intilangelo
7,8
CVSS
HIGH
Privilege Escalation
269
CWE
Product Name: Amica Prodigy
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: YES
Related CWE: CVE-2021-35312
CPE: 2.3:a:bisanzio_software_srl:amica_prodigy:1.7
Metasploit: N/A
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=35312https://www.infosecmatter.com/nessus-plugin-library/?id=41274https://www.infosecmatter.com/nessus-plugin-library/?id=41604https://www.infosecmatter.com/nessus-plugin-library/?id=35293https://www.infosecmatter.com/nessus-plugin-library/?id=35302https://www.infosecmatter.com/nessus-plugin-library/?id=35388https://www.infosecmatter.com/nessus-plugin-library/?id=40327https://www.infosecmatter.com/nessus-plugin-library/?id=35369https://www.infosecmatter.com/nessus-plugin-library/?id=60516https://www.infosecmatter.com/nessus-plugin-library/?id=35675
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 Pro 20H2 x64
2021

Amica Prodigy 1.7 – Privilege Escalation

A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable 'RemoteBackup.Service.exe' has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with 'LocalSystem' privileges at scheduled time.

Mitigation:

Ensure that the permissions of the 'RemoteBackup.Service.exe' file are set correctly and that only authorized users have access to it.
Source

Exploit-DB raw data:

# Exploit Title: Amica Prodigy 1.7 - Privilege Escalation
# Date: 2021-08-06
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://gestionaleamica.com - https://www.bisanziosoftware.com
# Software Link: https://gestionaleamica.com/Download/AmicaProdigySetup.exe
# Version: 1.7
# Tested on: Windows 10 Pro 20H2 x64
# CVE: CVE-2021-35312

Amica Prodigy it's a backup solution from Amica softwares (GestionaleAmica: invoices, accounting, etc.,
from website gestionaleamica.com), a CIR 2000 srl / Bisanzio Software srl

A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable
"RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it
with a malicious file that will be executed with "LocalSystem" privileges at scheduled time.

C:\Users\user>icacls C:\AmicaProdigy\RemoteBackup.Service.exe

C:\AmicaProdigy\RemoteBackup.Service.exe
					NT AUTHORITY\Authenticated Users:(I)(M) NT
					AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F)
					BUILTIN\Users:(I)(RX) Elaborazione completata per 1 file.

Navigation

Suggest Exploit

Services By CQR