[CVE-2017-16630] SapphireIMS: IDOR based privilege elevation

Description

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

CVSS 3.0 Base Score

8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CWE

CWE-732: Incorrect Permission Assignment for Critical Resource

Researcher

Tanoy Bose

POC

Unlisted

Vulnerability Tracker

Disclosure timelines

  • 14 Sept, 2017 - Informed vendor; No response
  • 15 Sept, 2017 - Informed CERT/CC
  • 26 Sept, 2017 - First follow up; No response
  • 30 Oct, 2017 - Second follow up; No response
  • 06 Nov, 2017 - Assigned CVE