{"id":74,"date":"2022-09-20T09:10:00","date_gmt":"2022-09-20T09:10:00","guid":{"rendered":"https:\/\/nobugescapes.com\/?p=74"},"modified":"2023-05-23T11:50:21","modified_gmt":"2023-05-23T11:50:21","slug":"privilege-escalation-from-user-operator-to-system-administrator","status":"publish","type":"post","link":"https:\/\/nobugescapes.com\/blog\/privilege-escalation-from-user-operator-to-system-administrator\/","title":{"rendered":"Privilege escalation from user operator to System administrator"},"content":{"rendered":"\n

CVE-2022-38351<\/p>\n\n\n\n

Product & Service Introduction:<\/h3>\n\n\n\n

BioStar<\/a> 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data it stores and supports both SDKs and web APIs for integrating BioStar 2 with third-party software. In addition, users can control the BioStar 2 platform remotely with the BioStar 2 mobile app and manage a mobile access card that they can use to access sites.<\/p>\n\n\n\n


Technical Description:<\/h3>\n\n\n\n

In the BioStar 2 web application there are 7 different Operator levels, and each role has different privileges. The \u201cAdministrator<\/u><\/strong>\u201d has full permission to do everything in the web application, while the \u201cUser Operator\u201d <\/u><\/strong> has limited privileges. Due to missing server-side validation, I identified a way to escalate my privilege from User Operator to System Administrator. To exploit this vulnerability, the attacker must be authenticated to the target website and logged in as a \u201cUser Operator\u201d.<\/p>\n\n\n\n

The security risk of the vulnerability is High, with a CVSS (Common Vulnerability Scoring System) score of 8.8.

Successful exploitation of the vulnerability results in gaining administrator privileges, giving the attacker the ability to control the entire system, such as <\/p>\n\n\n\n