https://redforce.io
## Advisory Information
Title: Deskpro Helpdesk < 2019.8.0 Multiple Vulnerabilities
Advisory URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Date published: 2020-03-28
Date of last update: 2020-03-30
Vendors contacted: DeskPro
## About Deskpro
Deskpro is a helpdesk software solution that helps companies manage their communication with their customers and user base across multiple channels: email, live chat, voice, and social media. DeskPro has clients in different industries. Some of the well-known names per their website are: Microsoft, Siemens, P&G, Vodafone, HMRC, CapitalOne, Panasonic, NHS, Valve, Brown University, Hotel Chocolat, Garmin, Team USA, Arrow, Pure, Xerox, 1&1, Booz Allen Hamilton, Bitdefender, US Department of Defense and more.
## Vulnerability Description
The Deskpro on-premise helpdesk solution < 2019.8.0 was found to be prone to multiple high-severity vulnerabilities that enable a remote attacker to escalate their privileges to helpdesk administrator. Moreover, it was prone to remote code execution (RCE) leading to full compromise of the server.
Full technical details of the vulnerabilities and exploitation steps can be found in our advisory (https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/).
## Credits
These vulnerabilities were discovered and researched by Abdulrahman Nour from RedForce.
## About RedForce
RedForce is an information security consultancy firm consisting of a team of experts in the offensive security field. By using the latest techniques, methodologies and attack simulation from an adversary perspective, we make sure that your organization is following best practice to mitigate risk at the lowest cost. We take a holistic approach to our offensive services. Our aim is to contribute to the efforts of our customers in securing the critical IT infrastructure and crown jewels within their IT landscape. For more information, please visit https://redforce.io
Read more https://packetstormsecurity.com/files/157050/deskprohd-execescalate.txt

