Exploit for Amica Prodigy 1.7 Privilege Escalation CVE-2021-35312

Name: Exploit for Amica Prodigy 1.7 Privilege Escalation CVE-2021-35312
Rating: 5 (212 reviews)

2021-08-06 | CVSS 1.1

## https://sploitus.com/exploit?id=PACKETSTORM:163744
# Exploit Title: Amica Prodigy 1.7 - Privilege Escalation  
# Date: 2021-08-06  
# Exploit Author: Andrea Intilangelo  
# Vendor Homepage: https://gestionaleamica.com - https://www.bisanziosoftware.com  
# Software Link: https://gestionaleamica.com/Download/AmicaProdigySetup.exe  
# Version: 1.7  
# Tested on: Windows 10 Pro 20H2 x64  
# CVE: CVE-2021-35312  
  
Amica Prodigy it's a backup solution from Amica softwares (GestionaleAmica: invoices, accounting, etc.,  
from website gestionaleamica.com), a CIR 2000 srl / Bisanzio Software srl  
  
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable  
"RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it  
with a malicious file that will be executed with "LocalSystem" privileges at scheduled time.  
  
C:\Users\user>icacls C:\AmicaProdigy\RemoteBackup.Service.exe  
  
C:\AmicaProdigy\RemoteBackup.Service.exe  
NT AUTHORITY\Authenticated Users:(I)(M) NT  
AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F)  
BUILTIN\Users:(I)(RX) Elaborazione completata per 1 file.