Vulnerability Details : CVE-2020-7387
Public exploit exists!
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor.
Vulnerability category: Information leak
Products affected by CVE-2020-7387
- cpe:2.3:a:sage:adxadmin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7387
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~41% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2020-7387
- Sage X3 Administration Service Authentication Bypass Command Execution
  Disclosure Date: 2021-07-07
  First seen: 2021-07-21
  Module: exploit/windows/sage/x3_adxsrv_auth_bypass_cmd_exec
  This module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service.
  Authors: Jonathan Peterson <deadjakk@shell.rip>
CVSS scores for CVE-2020-7387
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | cve@rapid7.com |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST |
CWE ids for CVE-2020-7387
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: cve@rapid7.com (Secondary)
References for CVE-2020-7387
- https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/
  CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities | Rapid7 Blog (Exploit; Third Party Advisory)
- https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed
  404 Page Not Found (Broken Link)
- https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches
  Sage X3 Latest Patches - Sage X3 UK Announcements, News, and Alerts - Sage X3 UK - Sage City Community (Patch; Vendor Advisory)