CVE-2020-25106 - OpenCVE

Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Supremocontrol	Supremo

Configuration 1 [-]

cpe:2.3:a:supremocontrol:supremo:4.1.3.2348:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/160666/SUPREMO-4.1.3.2348-Privilege-Escalation.html	Exploit Third Party Advisory
https://seclists.org/fulldisclosure/2020/Dec/42	Exploit Mailing List Third Party Advisory
https://www.supremocontrol.com/changelog/	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-22T17:54:55

Updated: 2020-12-22T18:06:10

Reserved: 2020-09-03T00:00:00

Link: CVE-2020-25106

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-22T18:15:12.580

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-25106

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-22T18:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.supremocontrol.com/changelog/"}, {"name": "Full Disclosure", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "https://seclists.org/fulldisclosure/2020/Dec/42"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/160666/SUPREMO-4.1.3.2348-Privilege-Escalation.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25106", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.supremocontrol.com/changelog/", "refsource": "MISC", "url": "https://www.supremocontrol.com/changelog/"}, {"name": "Full Disclosure", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2020/Dec/42"}, {"name": "http://packetstormsecurity.com/files/160666/SUPREMO-4.1.3.2348-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160666/SUPREMO-4.1.3.2348-Privilege-Escalation.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25106", "datePublished": "2020-12-22T17:54:55", "dateReserved": "2020-09-03T00:00:00", "dateUpdated": "2020-12-22T18:06:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:supremocontrol:supremo:4.1.3.2348:*:*:*:*:*:*:*", "matchCriteriaId": "4EBCB59D-DC48-415E-BAF3-D7F691544FC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename."}, {"lang": "es", "value": "Nanosystems SupRemo versi\u00f3n 4.1.3.2348, permite a atacantes conseguir acceso a LocalSystem porque el Administrador de Archivos puede ser usado para cambiar el nombre del archivo Supremo.exe y luego cargar un caballo de Troya con el nombre de archivo Supremo.exe"}], "id": "CVE-2020-25106", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-22T18:15:12.580", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/160666/SUPREMO-4.1.3.2348-Privilege-Escalation.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2020/Dec/42"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.supremocontrol.com/changelog/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}