Preface: In order to avoid cyber attack and insider threat. The monitoring feature is a critical feature in IT world.
Background: CapMon monitors and collects information from the infrastructure and applications. The system does not require installation of extra software on other units in the network. CapMon IT monitoring has a Web based user interface, ensuring fast access to the various functionalities.
Design weakness in this software – all priviliges commands “only” grants local administrator privilege. There is a command that allows for even higher privilege escalation – namely the “CALScriptDRUN” command.
The fact is that an issue was discovered in CapMon Access Manager 22.214.171.1245. CALRunElevated.exe provides “NT AUTHORITY\SYSTEM” access to unprivileged users via the –system option.
Should you have interest, please refer to Improsec analytic report, url shown as below: https://improsec.com/tech-blog/cam1