GMOD Apollo Privilege Escalation Vulnerability
Vulnerability
A vulnerability in GMOD Apollo prior to version 2.8.0 allows for insufficient logical or access checks when updating user information. This flaw could be exploited by an attacker to escalate privileges for themselves or others. Additionally, the application fails to properly validate file paths when uploading data, which could lead to relative path traversal vulnerabilities. Certain functionalities within GMOD Apollo do not require authentication when an administrative username is provided, creating further opportunities for unauthorized access. The application also discloses sensitive local path information in error messages after failed file uploads.
Impact
Exploitation of this vulnerability could allow an attacker to escalate privileges, bypass authentication, upload malicious files, or access sensitive information.
Remediation
Users are advised to update GMOD Apollo to version 2.8.0 or later. GMOD also recommends following cybersecurity best practices for industrial control systems, such as minimizing network exposure and using secure remote access methods.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.