Vulnerability title
N/A
Vulnerability description
FastTrack Admin By Request 6.1.0.0 supports group policies that allow only a specific range of users to elevate to Administrator privilege at will. When a user requests elevation through the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) over a .NET named pipe. If the underlying service responds that the user is permitted to use the elevation feature, the client then re-establishes communication with the underlying service and requests elevation. This elevation request has no local checks in the service and relies on client-side validation in the AdminByRequest.exe interface, i.e. it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege without being subject to group policies or permissions.
CVSS information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions.
CVSS information
N/A
Vulnerability category
N/A
Vulnerability title
FastTrack Admin By Request Cross-Site Scripting Vulnerability
Vulnerability description
FastTrack Admin By Request version 6.1.0.0 contains a security vulnerability that stems from the program's underlying service (Audckq32.exe) performing no local checks on elevation requests and relying solely on client-side validation in the AdminByRequest.exe interface. An attacker can exploit this vulnerability to elevate privileges.
CVSS information
N/A
Vulnerability category
Cross-site scripting