{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/ruggedcom/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-27668"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ruggedcom","privilege-escalation","cve-2026-27668","sam-p"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-27668, affects RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) versions prior to V5.8. The vulnerability stems from User Administrators being granted the ability to administer groups they belong to. An attacker with User Administrator privileges can exploit this flaw to escalate their own privileges, granting themselves unauthorized access to any device group at any access level. This vulnerability poses a significant risk to organizations relying on RUGGEDCOM CROSSBOW SAM-P for secure access management, as it could lead to unauthorized access to sensitive devices and data. Successful exploitation allows an attacker to bypass intended access controls.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains valid User Administrator credentials to the RUGGEDCOM CROSSBOW SAM-P. This could be through legitimate access or by compromising an existing account.\u003c/li\u003e\n\u003cli\u003eThe attacker logs into the RUGGEDCOM CROSSBOW SAM-P web interface using their compromised or legitimate User Administrator credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the group management section of the SAM-P interface.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies the group membership to include their own user account into a higher privileged group, or one with access to restricted devices.\u003c/li\u003e\n\u003cli\u003eThe attacker assigns themselves permissions within the targeted device group, granting themselves full administrative or read/write access.\u003c/li\u003e\n\u003cli\u003eThe attacker logs out and then logs back in to SAM-P to refresh their permissions and apply the changes.\u003c/li\u003e\n\u003cli\u003eThe attacker uses their newly acquired privileges to access and manage devices and data within the targeted device group.\u003c/li\u003e\n\u003cli\u003eThe attacker performs unauthorized actions on the devices or exfiltrates sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-27668 allows a malicious User Administrator to escalate their privileges within RUGGEDCOM CROSSBOW SAM-P. This could lead to complete control over managed devices, data breaches, and disruption of critical infrastructure. The impact of this vulnerability is significant, especially for organizations in critical infrastructure sectors that rely on RUGGEDCOM products. An attacker could gain unauthorized access to industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) to version V5.8 or later to patch CVE-2026-27668.\u003c/li\u003e\n\u003cli\u003eMonitor user activity within RUGGEDCOM CROSSBOW SAM-P for suspicious privilege escalations, referencing the attack chain described above.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls and regularly review user permissions to minimize the attack surface.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect RUGGEDCOM SAM-P Group Membership Modification\u0026rdquo; to identify unauthorized changes to user group memberships.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-14T09:18:18Z","date_published":"2026-04-14T09:18:18Z","id":"/briefs/2026-04-ruggdcom-privilege-escalation/","summary":"CVE-2026-27668 allows authenticated User Administrators in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) to escalate their privileges and access any device group, due to an incorrect privilege assignment in versions prior to V5.8.","title":"RUGGEDCOM CROSSBOW SAM-P Privilege Escalation Vulnerability (CVE-2026-27668)","url":"https://feed.craftedsignal.io/briefs/2026-04-ruggdcom-privilege-escalation/"}],"language":"en","title":"CraftedSignal Threat Feed — Ruggedcom","version":"https://jsonfeed.org/version/1.1"}