Tag
#Microsoft Configuration Manager
**How could an attacker exploit this vulnerability?** An attacker with access to any user account assigned the built-in CMPivot Administrator security role could exploit this vulnerability by escalating privileges. Specifically, they could assign themselves—or another account—the Full Administrator role (or any other elevated role), or modify existing role permissions. This would allow them to bypass intended security boundaries and gain unrestricted access across the hierarchy.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** For this vulnerability, it means that exploitation requires a specific and uncommon condition: an Active Directory user account must exist with a matching user principal name (UPN) that was not properly synchronized to Microsoft Entra ID.
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.
**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain sysadmin privileges.
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
**How could an attacker exploit this vulnerability?** An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment, which are processed in an unsafe manner, enabling the attacker to execute commands on the server and/or underlying database.