CVE-2021-35312

Vulnerability

The Amica Prodigy software version 1.7, part of the CIR 2000 / Gestionale Amica suite, contains a privilege escalation vulnerability in the RemoteBackup.Service.exe executable. The executable has incorrect file permissions, allowing any local unprivileged user to overwrite it. This enables replacement with a malicious binary that will be executed with LocalSystem privileges [1].

Exploitation

An attacker with local access to the system and low privileges can replace the legitimate RemoteBackup.Service.exe with a crafted malicious executable. No additional authentication or user interaction is required beyond local file write permissions. The next time the service runs, the malicious binary executes in the context of LocalSystem [1].

Impact

Successful exploitation results in local privilege escalation from an unprivileged user to LocalSystem, granting full control over the affected system. The attacker can then perform any action, including installing programs, accessing sensitive data, and creating new accounts with full rights.

Mitigation

As of the publication date (2021-08-06), no official patch was available. The vendor has not released a fix. The only workaround is to manually secure the permissions on RemoteBackup.Service.exe to prevent modification by unprivileged users, or to remove the service if not needed [1].