CVEs-PoC/2020/CVE-2020-9002.md

### [CVE-2020-9002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9002)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access).

### POC

#### Reference
- https://websec.nl/blog/
- https://websec.nl/blog/6127847280e759c7d31286d0/cve%20report%20august%202021/

#### Github
No PoCs found on GitHub currently.