Druva inSync Windows Client < 6.6.4 Privilege Escalation

Severity: High, Nessus Plugin ID: 136927

Synopsis

A web application development suite installed on the remote Windows host is affected by a local privilege escalation vulnerability.

Description

The Windows Druva inSync Client Service (inSyncCPHwnet64.exe) contains a path traversal vulnerability that can be exploited by a local, unauthenticated attacker to execute OS commands with SYSTEM privileges. When processing RPC type 5 requests over TCP port 6064, inSyncCPHwnet64.exe does not properly validate request data prior to passing it to the CreateProcessW() function. By sending a crafted RPC request, an attacker can elevate privileges to SYSTEM.

Solution

Upgrade to Druva inSync Client 6.6.4 or later.

See Also

http://www.nessus.org/u?da4e741b

https://www.tenable.com/security/research/tra-2020-34

Plugin Details

Severity: High

ID: 136927

File Name: druva_insync_tra-2020-34.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 5/27/2020

Updated: 12/29/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-5752

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:druva:insync_client

Required KB Items: installed_sw/Druva inSync

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/5/2020

Vulnerability Publication Date: 7/5/2020

Exploitable With

Metasploit (Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation)

Reference Information

CVE: CVE-2020-5752