ELBA5 Remote Code Execution Vulnerability in Database Access
Vulnerability
A remote code execution vulnerability has been identified in ELBA5 version 5.8.0. It allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM-level permissions. Exploitation involves connecting to the database using default connector credentials, decrypting the DBA password, and then executing commands via the xp_cmdshell stored procedure or adding backdoor users to the BEDIENER table.
Impact
Exploitation of this vulnerability allows for remote code execution on the ELBA5 server with full SYSTEM-level permissions.
Reproduction
The vulnerability can be reproduced by connecting to the target ELBA5 server's database using the default 'connector' credentials. After establishing the connection, the DBA password can be decrypted and used to gain access as a DBA. Once connected as a DBA, commands can be executed on the server or backdoor users can be added to the BEDIENER table.
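One way to look for this sequence in database audit data, as an added example that is not part of the original advisory. The log format, the `dba` and `app_user` account names and the IP addresses are constructed assumptions; only `connector`, `xp_cmdshell` and `BEDIENER` come from the advisory.

```python
import re

# Constructed sample audit lines: "<timestamp> <client ip> <db user> <statement>".
# This format is an assumption, not the real log format of ELBA5 or its database.
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.5 app_user LOGIN
2024-05-01T09:00:02 10.0.0.5 app_user SELECT 1
2024-05-01T09:14:10 10.0.0.77 connector LOGIN
2024-05-01T09:14:25 10.0.0.77 dba LOGIN
2024-05-01T09:14:31 10.0.0.77 dba CALL xp_cmdshell('<command>')
2024-05-01T09:20:00 127.0.0.1 dba CALL xp_cmdshell('<command>')
2024-05-01T09:31:44 10.0.0.77 dba INSERT INTO BEDIENER VALUES (...)
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")
RISKY = {
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "BEDIENER write": re.compile(r"\b(?:INSERT\s+INTO|UPDATE)\s+BEDIENER\b", re.I),
}
LOCAL_HOSTS = {"127.0.0.1"}  # assumption: only the server itself should use 'connector'

def detect(log_text, dba_users=("dba",)):
    """Return (timestamp, ip, finding) tuples for the connector -> DBA -> action chain."""
    seen_connector, escalated, findings = set(), set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, ip, user, stmt = m.groups()
        user = user.lower()
        if stmt == "LOGIN":
            if user == "connector" and ip not in LOCAL_HOSTS:
                seen_connector.add(ip)
                findings.append((ts, ip, "remote connector login"))
            elif user in dba_users and ip in seen_connector:
                escalated.add(ip)
                findings.append((ts, ip, "DBA login after connector login"))
            continue
        for label, pattern in RISKY.items():
            if pattern.search(stmt):
                chain = "full chain" if ip in escalated else "isolated"
                findings.append((ts, ip, f"{label} ({chain})"))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```

Findings marked "full chain" come from a client that logged in as `connector`, then as a DBA, and then called `xp_cmdshell` or wrote to `BEDIENER`, which is the order the advisory describes.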
