CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17201
https://notcve.org/view.php?id=CVE-2019-17201
23 Jan 2020 — FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevatio... • https://improsec.com/en/responsible-disclosure •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17202
https://notcve.org/view.php?id=CVE-2019-17202
23 Jan 2020 — FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any us... • https://improsec.com/en/responsible-disclosure • CWE-269: Improper Privilege Management •