Description
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). Can the exploit move from Dynamics NAV to the underlying operating system?
Yes. An attacker who successfully exploited this vulnerability in Dynamics NAV could execute code on the host server in the context of the service account Dynamics has been configured to use.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
According to the CVSS metric, the attack vector is network (AV:N). What is the target used in the context of the remote code execution?
The port opened by Dynamics NAV could be used to connect over the WCF TCP protocol. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Dynamics NAV 2016 | | |
| Microsoft Dynamics NAV 2017 | | |
| Microsoft Dynamics NAV 2013 R2 | | |
| Microsoft Dynamics NAV 2018 | | |
| Microsoft Dynamics NAV 2015 | - | |
| Dynamics 365 Business Central Spring 2019 Update | | |
| Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) | | |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 2 | | |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 1 | | |
| Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 8.5 High
Related vulnerabilities
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability.
A vulnerability in the small and medium business management software Microsoft Dynamics 365 Business Central and the integrated enterprise management system Microsoft Dynamics NAV, related to insufficient validation of input data, that allows an attacker to execute arbitrary code