CVE-2021-35312

HIGH

CIR 2000 / Gestionale Amica Prodigy v1.7 - Privilege Escalation

Title source: llm

Description

A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.

Exploits (1)

exploitdb WORKING POC

by Andrea Intilangelo · textlocalwindows

https://www.exploit-db.com/exploits/50184

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/163744/Amica-Prodigy-1.7-Privilege-Escalation.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/163744/Amica-Prodigy-1.7-Privilege-Escalation.html

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 41.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

gestionaleamica/amica_prodigy 1.7

Published Aug 06, 2021

Tracked Since Feb 18, 2026