Sage X3 unauthenticated remote command execution (RCE) as SYSTEM in the AdxDSrv.exe component. By editing the client-side authentication request, an attacker can bypass credential validation. Exploiting this does require knowledge of the installation path, but that information can be learned by exploiting CVE-2020-7387. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 including Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor.
Published 2021-07-22 19:15:08
Updated 2021-08-09 17:33:59
Source Rapid7, Inc.

Products affected by CVE-2020-7388

Exploit prediction scoring system (EPSS) score for CVE-2020-7388

EPSS score: 18.98% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~96% (proportion of vulnerabilities scored at or below this score)

Metasploit modules for CVE-2020-7388

  • Sage X3 Administration Service Authentication Bypass Command Execution
    Disclosure Date: 2021-07-07
    First seen: 2021-07-21
    exploit/windows/sage/x3_adxsrv_auth_bypass_cmd_exec
    This module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service.
    Authors: Jonathan Peterson <deadjakk@shell.rip>

CVSS scores for CVE-2020-7388

Base Score  Base Severity  CVSS Vector                                         Exploitability Score  Impact Score  Score Source    First Seen
7.5         HIGH           AV:N/AC:L/Au:N/C:P/I:P/A:P                          10.0                  6.4           NIST            -
10.0        CRITICAL       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N        3.9                   5.8           cve@rapid7.com  -
9.8         CRITICAL       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H        3.9                   5.9           NIST            -

CWE ids for CVE-2020-7388

  • This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
    Assigned by:
    • cve@rapid7.com (Secondary)
    • nvd@nist.gov (Primary)
