CVE-2020-11464:Privilege Validation Vulnerability in Deskpro API Endpoint

splash
Back

Description Preview

A privilege validation vulnerability was discovered in Deskpro versions prior to 2019.8.0. The issue affects the /api/people endpoint which failed to properly validate user privileges, allowing unauthorized attackers to access sensitive information about all registered users in the system, including full names, privilege levels, email addresses, phone numbers, and other personal data.

Overview

This vulnerability (CVE-2020-11464) is classified as a CWE-269 (Improper Privilege Management) issue in Deskpro's API. The affected endpoint (/api/people) did not correctly implement access controls, allowing users with insufficient privileges to retrieve sensitive user information from the system. An attacker could exploit this vulnerability to harvest personal information about all users registered in the Deskpro instance, potentially leading to targeted phishing attacks, social engineering, or other malicious activities. This vulnerability represents a significant privacy breach and could be part of a larger attack chain as demonstrated in security research.

Remediation

  1. Upgrade Deskpro to version 2019.8.0 or later, which contains the security fix for this vulnerability.
  2. If immediate upgrading is not possible, consider temporarily restricting access to the /api/people endpoint through network controls or web application firewall rules.
  3. Audit access logs for any suspicious activity related to the /api/people endpoint that might indicate exploitation attempts.
  4. Review user privilege assignments across the Deskpro installation to ensure they follow the principle of least privilege.
  5. Consider implementing additional monitoring for API access patterns that might indicate information harvesting.

References

  1. Vendor Security Advisory: https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update
  2. Additional Vendor Advisory: https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09
  3. Technical Analysis and Exploit Details: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/
  4. MITRE CWE-269 (Improper Privilege Management): https://cwe.mitre.org/data/definitions/269.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
    Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  5. Construction
    Construction
  6. Educational Services
    Educational Services
  7. Finance and Insurance
    Finance and Insurance
  8. Health Care & Social Assistance
    Health Care & Social Assistance
  9. Information
    Information
  10. Management of Companies & Enterprises
    Management of Companies & Enterprises
  11. Manufacturing
    Manufacturing
  12. Mining
    Mining
  13. Other Services (except Public Administration)
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  15. Public Administration
    Public Administration
  16. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  17. Retail Trade
    Retail Trade
  18. Transportation & Warehousing
    Transportation & Warehousing
  19. Utilities
    Utilities
  20. Wholesale Trade
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background
Armis Vulnerability Intelligence Database