CVE-2020-25106

7.8 HIGH

📋 TL;DR

CVE-2020-25106 is a privilege escalation vulnerability in Nanosystems SupRemo 4.1.3.2348 that allows attackers to rename the legitimate Supremo.exe file and replace it with a malicious executable, gaining LocalSystem privileges. This affects organizations using the vulnerable version of SupRemo remote access software. Attackers with local access can exploit this to achieve complete system control.

💻 Affected Systems

Products:
  • Nanosystems SupRemo
Versions: 4.1.3.2348
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the File Manager functionality that allows renaming of the main executable without proper permission checks.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with LocalSystem privileges, allowing installation of persistent malware, credential theft, lateral movement, and full administrative control of the affected system.

🟠 Likely Case

Local privilege escalation leading to administrative access on the compromised system, enabling further attacks within the network.

🟢 If Mitigated

Limited impact if proper file permissions and application whitelisting prevent unauthorized file modifications.

🌐 Internet-Facing: LOW - This requires local access to the system, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Attackers with initial access to the system (even as low-privilege users) can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. The technique is simple: rename Supremo.exe, upload a malicious file with the same name, and execute it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 4.1.3.2348

Vendor Advisory: https://www.supremocontrol.com/changelog/

Restart Required: Yes

Instructions:

1. Download the latest SupRemo version from the official website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict File Permissions (Windows)

Set strict file permissions on Supremo.exe to prevent unauthorized modifications:

icacls "C:\Program Files\SupRemo\Supremo.exe" /deny Users:(W)

Application Whitelisting (Windows)

Implement application whitelisting to prevent execution of unauthorized binaries.

🧯 If You Can't Patch

  • Remove or restrict access to SupRemo File Manager functionality
  • Implement strict file integrity monitoring on Supremo.exe and related directories

🔍 How to Verify

Check if Vulnerable:

Check the SupRemo version in Help > About. If the version is 4.1.3.2348, the system is vulnerable.

Check Version:

Check the SupRemo GUI (Help > About), or examine the file properties of Supremo.exe.

Verify Fix Applied:

Verify that the version is updated beyond 4.1.3.2348 and test whether File Manager can rename Supremo.exe (it should be prevented).

📡 Detection & Monitoring

Log Indicators:

  • File rename operations on Supremo.exe
  • Creation of new Supremo.exe files in unusual locations
  • Process execution with Supremo.exe from non-standard paths
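
The three log indicators above, applied to exported Windows Security events (4656/4663 object access, 4688 process creation), as an added example that is not part of the original page or the vendor's tooling. It assumes the install path shown in the icacls workaround and events already parsed into dictionaries; it also checks the DELETE access right (0x10000), which a rename requests, in addition to the 0x2 write mask used in the SIEM query.

```python
import ntpath

# Assumption: install path taken from the icacls workaround on this page.
EXPECTED = ntpath.normcase(r"C:\Program Files\SupRemo\Supremo.exe")
WRITE_DATA = 0x2    # the AccessMask value the page's SIEM query looks for
DELETE = 0x10000    # DELETE access right, requested when a file is renamed

def classify(event):
    """Return the log indicator an event matches, or None."""
    eid = event.get("EventID")
    if eid in (4656, 4663):  # handle requested / object accessed
        path = ntpath.normcase(event.get("ObjectName", ""))
        if ntpath.basename(path) != "supremo.exe":
            return None
        mask = int(event.get("AccessMask", "0x0"), 16)
        if path != EXPECTED:
            return "Supremo.exe written in unusual location" if mask & WRITE_DATA else None
        if mask & DELETE:
            return "rename or delete of installed Supremo.exe"
        if mask & WRITE_DATA:
            return "write to installed Supremo.exe"
    elif eid == 4688:  # process creation
        path = ntpath.normcase(event.get("NewProcessName", ""))
        if ntpath.basename(path) == "supremo.exe" and path != EXPECTED:
            return "Supremo.exe executed from non-standard path"
    return None

def scan(events):
    """Return (index, indicator) for every event that matches."""
    return [(i, hit) for i, e in enumerate(events) if (hit := classify(e))]

# Constructed sample events (not real logs); the paths are made up.
SAMPLE_EVENTS = [
    {"EventID": 4663, "ObjectName": r"C:\Program Files\SupRemo\Supremo.exe", "AccessMask": "0x10000"},
    {"EventID": 4663, "ObjectName": r"C:\Program Files\SupRemo\Supremo.exe", "AccessMask": "0x1"},
    {"EventID": 4663, "ObjectName": r"C:\Program Files\SupRemo\Supremo.exe", "AccessMask": "0x2"},
    {"EventID": 4663, "ObjectName": r"C:\Users\Public\Supremo.exe", "AccessMask": "0x2"},
    {"EventID": 4663, "ObjectName": r"C:\Program Files\SupRemo\Supremo.log", "AccessMask": "0x2"},
    {"EventID": 4688, "NewProcessName": r"C:\Users\Public\Supremo.exe"},
    {"EventID": 4688, "NewProcessName": r"C:\Program Files\SupRemo\Supremo.exe"},
]

if __name__ == "__main__":
    for index, indicator in scan(SAMPLE_EVENTS):
        print(index, indicator)
```

Object-access events are only written when file-system auditing and a SACL covering the SupRemo directory are enabled, and 4688 requires process-creation auditing.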

Network Indicators:

  • Unusual SupRemo connection patterns post-exploitation

SIEM Query:

(EventID=4663 OR EventID=4656) AND ObjectName LIKE '%Supremo.exe%' AND AccessMask=0x2
