
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-26251 is a remote code execution (RCE) and privilege escalation vulnerability affecting Synametrics' SynaMan software versions 5.0 and below, with partial fixes in version 5.1. The vulnerability was discovered in early 2022 and allows an authenticated administrator to escalate privileges to SYSTEM-level access through the software's web UI features (Bencteux Blog).
The vulnerability exists in the web UI accessible on port 6060, where authenticated administrators can create read/write shares in arbitrary locations on the server and set up 'triggers' to execute arbitrary executables. The SynaMan.exe binary runs with SYSTEM privileges by default, meaning any actions performed through these features are executed with elevated privileges (Bencteux Blog).
When exploited, this vulnerability allows an attacker to escalate from administrator privileges on the web UI to SYSTEM privileges on the web server, effectively gaining complete control over the affected system (Bencteux Blog).
Version 5.1 introduced a checkbox during installation to restrict administrator access to localhost; however, this is not enabled by default. Even with this restriction enabled, remote access to the web interface with admin credentials remains possible. Users should upgrade to the latest version and ensure administrator access is properly restricted (Bencteux Blog).
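The two conditions described above (SynaMan.exe running as SYSTEM, and the port 6060 web UI reachable from other hosts) can be audited on a Windows host as follows. This is an added example, not code from the advisory or from Synametrics; it assumes the service's binary path contains "SynaMan.exe", since the page does not name the service itself.

```powershell
# Added audit example (not from the advisory or Synametrics). Reports the two
# conditions the advisory ties together: the SynaMan service running as
# SYSTEM and the web UI on TCP 6060 bound to a non-loopback address.
function Get-SynaManExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 6060   # web UI port named in the advisory
    )

    # 1. Locate the service by binary path (assumption: path contains SynaMan.exe;
    #    the service name is not given on the page) and read its logon account.
    $svc = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match 'SynaMan\.exe' } |
        Select-Object -First 1
    $runsAsSystem = $null -ne $svc -and
        $svc.StartName -in @('LocalSystem', 'NT AUTHORITY\SYSTEM')

    # 2. Find listeners on the web UI port and flag any that are not loopback-only.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen `
        -ErrorAction SilentlyContinue)
    $remoteReachable = @($listeners | Where-Object {
        $_.LocalAddress -notin @('127.0.0.1', '::1')
    })

    [pscustomobject]@{
        ServiceFound    = $null -ne $svc
        ServiceName     = if ($svc) { $svc.Name } else { $null }
        LogonAccount    = if ($svc) { $svc.StartName } else { $null }
        RunsAsSystem    = $runsAsSystem
        ListeningOn     = ($listeners | ForEach-Object {
                              "$($_.LocalAddress):$($_.LocalPort)" }) -join ', '
        RemoteReachable = $remoteReachable.Count -gt 0
        # Both conditions together are what the advisory says turns an admin
        # login on the web UI into SYSTEM on the host. Per the advisory, the
        # 5.1 localhost checkbox reduces but does not remove remote reachability.
        MatchesAdvisory = $runsAsSystem -and ($remoteReachable.Count -gt 0)
    }
}

Get-SynaManExposure | Format-List
```

A result with RunsAsSystem and RemoteReachable both true means the host matches the configuration the advisory describes and the upgrade and access restriction in the preceding paragraph apply.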
Source: This report was generated using AI