Local Privilege Escalation to SYSTEM via Insecure ProgramData Folder in extenua SilverSHielD 6.x

Local Privilege Escalation to SYSTEM via Insecure ProgramData Folder in extenua SilverSHielD 6.x

CVE-2019-13069 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.