A high-severity vulnerability has been identified in multiple products from the vendor "high". This flaw allows a remote attacker who already has high-level privileges on the system to break out of a restricted software environment and execute arbitrary commands, effectively granting them full control over the affected system. Successful exploitation could lead to complete system compromise, data theft, or operational disruption.

The vulnerability is a sandbox escape within the LUA scripting engine implemented in the affected products. An attacker who has already obtained high-privileged access to the application can leverage an undocumented method to bypass the security restrictions of the LUA sandbox. This allows the attacker to execute commands directly on the underlying operating system with the permissions of the service account running the application, leading to a full remote code execution (RCE) scenario.

This vulnerability is rated as High severity with a CVSS score of 7.2. A successful exploit would grant an attacker complete control over the compromised system. This could lead to severe business consequences, including the theft or modification of sensitive corporate data, deployment of ransomware, disruption of critical business services, and using the compromised system as a pivot point to launch further attacks against the internal network. While the vulnerability requires an attacker to already possess high-level credentials, it poses a significant risk from insider threats or as a privilege escalation step in a multi-stage attack.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all affected systems. After patching, it is crucial to review system and application access logs for any signs of anomalous activity that may indicate a prior compromise.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for unusual or unauthorized LUA script executions, unexpected child processes being spawned by the application (e.g., cmd.exe, powershell.exe, /bin/sh), and anomalous outbound network traffic from the host server.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Strictly enforce the principle of least privilege and limit the number of high-privileged accounts.
• Implement application whitelisting to prevent the execution of unauthorized OS commands.
• Use network segmentation to isolate affected systems and prevent lateral movement in the event of a compromise.
• Enhance logging for privileged user activity and forward logs to a centralized SIEM for correlation and alerting.

Public Exploit Available: false

Given the high severity rating and the potential for complete system compromise, this vulnerability must be addressed with urgency. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patches to all affected assets. Although this vulnerability is not currently listed on the CISA KEV catalog, its impact warrants immediate attention. Organizations should treat this as a critical finding and accelerate patching, especially on internet-facing systems or those housing sensitive data.