Vendor: Sysax FTP Automation Server
By: Craig Freyman
CVSS: 7.2 HIGH
Privilege Escalation
CWE: 269
Product Name: Sysax FTP Automation Server
Affected Version From: 5.33
Affected Version To: 5.33
Patch Exists: YES
Related CWE: N/A
CPE: a:sysax:sysax_ftp_automation_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: XP SP3 32bit
2012
Sysax FTP Automation Server Local Privilege Escalation
Sysax FTP Automation <= 5.33 has a privilege escalation vulnerability that can be exploited through the Scheduled Script -> Scheduled Task functionality. The scheduled task function allows you to run any external program or executable you want, without specifying credentials. By default, this product installs as a service running under the LOCALSYSTEM account, so when the binary is executed, it runs in that context.
Mitigation:
Upgrade to version 5.34 or later.