CVE-2020-15592

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins” directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the “.\plugins” string, a directory traversal vulnerability exists in the way plugins are resolved.

SteelCentral Aternity Agent versiones anteriores a 0.0.120 en Windows permite una escalada de privilegios por medio de un archivo diseñado. Usa un ejecutable que se ejecuta como un servicio de Windows muy privilegiado para llevar a cabo tareas administrativas y recopilar datos de otros procesos. Distribuye la funcionalidad entre diferentes procesos y utiliza primitivas IPC (Inter-Process Communication) para permitir a los procesos cooperar. Los métodos que se pueden llamar remotamente desde objetos remotos disponibles por medio de la comunicación entre procesos permiten cargar plugins arbitrarios (es decir, ensamblajes de C#) desde el directorio "% PROGRAMFILES (X86)%/Aternity Information Systems/Assistant/plugins", donde el nombre del plugin es pasado como parte de un objeto serializado en XML. Sin embargo, debido a que el nombre de la DLL está concatenado con la cadena ".\plugins", Se presenta una vulnerabilidad de salto directorio en la manera en que los plugins son resueltos

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-07-07 CVE Reserved
2020-07-24 CVE Published
2023-04-12 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (1)

URL	Tag	Source
https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Riverbed Search vendor "Riverbed"	Steelcentral Aternity Agent Search vendor "Riverbed" for product "Steelcentral Aternity Agent"	< 11.0.0.120 Search vendor "Riverbed" for product "Steelcentral Aternity Agent" and version " < 11.0.0.120"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe