CVE-2019-11875

{"id": "CVE-2019-11875", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-05-24T16:29:00.437", "references": [{"url": "http://packetstormsecurity.com/files/153007/Blue-Prism-Robotic-Process-Automation-RPA-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-002.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-669"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords."}, {"lang": "es", "value": "En AutomateAppCore.dll en Blue Prism Robotic Process Automation versi\u00f3n 6.4.0.8445, una vulnerabilidad en el control de acceso puede ser explotada para escalar los privilegios. La vulnerabilidad permite abusar de la aplicaci\u00f3n por fraude o acceso no autorizado a cierta informaci\u00f3n. El ataque requiere una cuenta de usuario v\u00e1lida para conectarse al servidor Blue Prism, pero no se necesita que los roles asociados a esta cuenta tengan permisos. En primer lugar, los archivos de aplicaci\u00f3n se modifican para otorgar todos los permisos del lado del cliente. En un entorno de prueba (o su propia instancia del software), un atacante puede otorgarse privilegios completos tambi\u00e9n del lado del servidor. Luego puede, por ejemplo, dise\u00f1ar un proceso con comportamiento malicioso y exportarlo a un disco. Con el cliente modificado, es posible importar el archivo exportado como una versi\u00f3n y sobrescribir cualquier proceso existente en la base de datos. Eventualmente, los bots ejecutan el proceso malicioso. El servidor no comprueba los permisos del usuario para las acciones antes mencionadas, de modo que una modificaci\u00f3n del programa cliente habilita este clase de ataque. Los posibles escenarios pueden implicar cambiar cuentas bancarias o establecer contrase\u00f1as."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blueprism:robotic_process_automation:6.4.0.8445:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A102439-9117-450B-B1E5-39D995BBB01A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}