Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain sysadmin privileges. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by injecting malicious SQL into the SyncToken method, allowing execution of arbitrary queries as the SMS service. According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
<a href="https://x.com/kalimer0x00">Mehdi Elyassa</a> with <a href="https://www.synacktiv.com/">Synacktiv</a>, <a href="https://x.com/kalimer0x00">Mehdi Elyassa</a> with <a href="https://www.synacktiv.com/">Synacktiv</a>