CVE-2019-11553 : Security Advisory and Response

Learn about CVE-2019-11553 affecting Code42 for Enterprise versions up to 6.8.4. Understand the impact, exploitation mechanism, and mitigation steps to prevent unauthorized access.

In versions up to 6.8.4 of Code42 for Enterprise, an administrator can impersonate a user with web restore permission, potentially leading to unauthorized actions.

Understanding CVE-2019-11553

What is CVE-2019-11553?

This CVE describes a security flaw in Code42 for Enterprise versions up to 6.8.4 that allows an administrator without web restore permission to assume the identity of a user with such privileges.

The Impact of CVE-2019-11553

Exploiting this vulnerability enables an administrator to impersonate a user with web restore permission, potentially leading to unauthorized access and actions within the organization.

Technical Details of CVE-2019-11553

Vulnerability Description

        An administrator lacking web restore permission can impersonate a user with such privileges.

Affected Systems and Versions

        Code42 for Enterprise versions up to 6.8.4.

Exploitation Mechanism

        An administrator managing user accounts can request the token enabling web restore on behalf of a user with web restore permission.
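
The mechanism above, modeled as an added example (not Code42's code or API): a token issued on behalf of a user checks only that user's permission, shown next to a version that also checks the requester's. The permission names, function names and sample accounts are hypothetical and constructed for illustration.

```python
# Added illustration: a minimal model of delegated token issuance.
# Permission names and functions are hypothetical, not Code42's API.
from dataclasses import dataclass, field

MANAGE_USERS = "manage_users"   # hypothetical permission name
WEB_RESTORE = "web_restore"     # hypothetical permission name


@dataclass(frozen=True)
class Account:
    name: str
    permissions: frozenset = field(default_factory=frozenset)


class AccessDenied(Exception):
    pass


def issue_restore_token_flawed(requester: Account, subject: Account) -> dict:
    """Pattern described in the advisory: only the subject's permission is checked."""
    if requester != subject and MANAGE_USERS not in requester.permissions:
        raise AccessDenied("requester may not act for other users")
    if WEB_RESTORE not in subject.permissions:
        raise AccessDenied("subject lacks web restore")
    return {"scope": WEB_RESTORE, "subject": subject.name, "issued_to": requester.name}


def issue_restore_token_checked(requester: Account, subject: Account) -> dict:
    """Delegation never grants more than the requester holds."""
    if WEB_RESTORE not in requester.permissions:
        raise AccessDenied("requester lacks web restore")
    return issue_restore_token_flawed(requester, subject)


def delegation_gaps(accounts):
    """Audit helper: admins who manage users but lack web restore themselves."""
    return sorted(a.name for a in accounts
                  if MANAGE_USERS in a.permissions and WEB_RESTORE not in a.permissions)


# Constructed sample accounts.
HELPDESK = Account("helpdesk-admin", frozenset({MANAGE_USERS}))
BACKUP_OP = Account("backup-operator", frozenset({MANAGE_USERS, WEB_RESTORE}))
ALICE = Account("alice", frozenset({WEB_RESTORE}))

if __name__ == "__main__":
    print(issue_restore_token_flawed(HELPDESK, ALICE))
    print(delegation_gaps([HELPDESK, BACKUP_OP, ALICE]))
```

The `delegation_gaps` helper lists the accounts whose role combination matches the advisory's precondition, which is the set to look at when reviewing administrator privileges.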

Mitigation and Prevention

Immediate Steps to Take

        Upgrade Code42 for Enterprise to version 6.8.4 or higher.
        Review and adjust administrator privileges to prevent unauthorized impersonation.

Long-Term Security Practices

        Regularly review and update user permissions and roles.
        Conduct security training for administrators on proper access management.

Patching and Updates

        Stay informed about security updates and patches for Code42 for Enterprise.
