Beakon Application Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Beakon Application, affecting versions prior to 5.4.3. This vulnerability allows authenticated users with low-level privileges to escalate their rights and execute commands as an Administrator. The issue arises from incorrect access control, which fails to properly authorize actions based on user roles.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling low-level users to gain Administrator rights and access associated commands and functionalities.

Reproduction

To reproduce this vulnerability, an authenticated user with low privileges, such as a contractor employee, can send crafted requests to create a user by using an Administrator's user role ID. The application lacks proper authorization checks, allowing the low-privilege user to create higher-privileged users, such as Administrators.
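The class of flaw described above, shown next to a server-side check that closes it. This is an added illustration, not Beakon's code and not the fix shipped in 5.4.3; the role IDs, rank table, and function names are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical role IDs and ranks; the application's real values are not on this page.
ROLE_RANK = {"contractor": 1, "manager": 2, "administrator": 3}
CAN_CREATE_USERS = {"manager", "administrator"}


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the action."""


@dataclass
class User:
    name: str
    role_id: str


def create_user_unchecked(caller: User, name: str, role_id: str) -> User:
    # Flawed pattern: the handler only requires an authenticated caller and
    # trusts the role ID supplied in the request.
    return User(name, role_id)


def create_user_checked(caller: User, name: str, role_id: str) -> User:
    # 1. Reject role IDs the server does not know.
    if role_id not in ROLE_RANK:
        raise ValueError(f"unknown role id: {role_id!r}")
    # 2. The caller's own role must permit user creation at all.
    if caller.role_id not in CAN_CREATE_USERS:
        raise Forbidden(f"{caller.role_id} may not create users")
    # 3. A caller may never grant a role ranked above their own.
    if ROLE_RANK[role_id] > ROLE_RANK[caller.role_id]:
        raise Forbidden(f"{caller.role_id} may not assign {role_id}")
    return User(name, role_id)


def is_allowed(caller: User, role_id: str) -> bool:
    # Convenience wrapper for tests and audits: True if the checked path accepts.
    try:
        create_user_checked(caller, "new-user", role_id)
        return True
    except (Forbidden, ValueError):
        return False
```

The caller's role is read from the server-side session object, never from the request, so the decision cannot be influenced by request parameters.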

Remediation

Users are advised to update to Beakon Application version 5.4.3 or later.

Added: Sep 2, 2025, 5:22 PM
Updated: Sep 2, 2025, 8:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.