Amica Prodigy 1.7 Privilege Escalation

Amica Prodigy version 1.7 suffers from a local privilege escalation vulnerability.

MD5 | d4ff2f09e7ae96200fd8a728e5838645

# Exploit Title: Amica Prodigy 1.7 - Privilege Escalation
# Date: 2021-08-06
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: -
# Software Link:
# Version: 1.7
# Tested on: Windows 10 Pro 20H2 x64
# CVE: CVE-2021-35312

Amica Prodigy it's a backup solution from Amica softwares (GestionaleAmica: invoices, accounting, etc.,
from website, a CIR 2000 srl / Bisanzio Software srl

A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable
"RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it
with a malicious file that will be executed with "LocalSystem" privileges at scheduled time.

C:\Users\user>icacls C:\AmicaProdigy\RemoteBackup.Service.exe

NT AUTHORITY\Authenticated Users:(I)(M) NT
BUILTIN\Users:(I)(RX) Elaborazione completata per 1 file.

Related Posts