CVE-2020-7388 : Security Advisory and Response

Learn about CVE-2020-7388 affecting Sage X3. Discover the impact, technical details, affected systems, and mitigation steps for this critical vulnerability.

Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing

Understanding CVE-2020-7388

CVE-2020-7388 is an unauthenticated remote command execution (RCE) vulnerability in the AdxDSrv.exe component of Sage X3; commands run as SYSTEM. An attacker can bypass credential validation by editing the client-side authentication request. Exploitation requires knowledge of the installation path, which can be obtained by exploiting CVE-2020-7387. The vulnerability was addressed in AdxAdmin 93.2.53, which is included in updates for on-premises versions of Sage X3.

What is CVE-2020-7388?

        Unauthenticated Remote Command Execution (RCE) vulnerability in Sage X3
        Allows attackers to bypass credential validation by editing authentication requests
        Requires knowledge of the installation path

The Impact of CVE-2020-7388

        CVSS Base Score: 10 (Critical)
        Attack Vector: Network
        Confidentiality Impact: High
        Integrity Impact: High
        Scope: Changed
        No privileges required for exploitation

Technical Details of CVE-2020-7388

Vulnerability Description

        Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component
        Bypasses credential validation through client-side authentication request manipulation

Affected Systems and Versions

        Product: X3 by Sage
        Versions affected: AdxAdmin releases prior to 93.2.53, the version in which the issue was addressed

Exploitation Mechanism

        Attacker edits client-side authentication request
        Requires knowledge of the installation path

Mitigation and Prevention

Immediate Steps to Take

        Apply the Sage update that brings AdxAdmin to 93.2.53, the release in which this issue was addressed
        Monitor for any unauthorized access or unusual activities

Long-Term Security Practices

        Regularly update and patch all software and systems
        Conduct security training for employees to prevent social engineering attacks

Patching and Updates

        Ensure all Sage X3 on-premises versions are updated to the latest supported versions
