CRITICAL🇬🇧 English

CVE-2019-19897

CVSS 9.8v3.1pub. 2020-01-23upd. 2024-11-21

In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ixpdata Easyinstall

    APP
    Ixpdata
    6.2.13723
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEAuth BypassCommand Injection
CWE
Referencje

Powiązane podatności

CVE-2023-30131CRITICAL9.8ten sam produkt

An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated ...

CVE-2019-19896CRITICAL9.9ten sam produkt

In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share....

CVE-2023-27792HIGH7.8ten sam produkt

An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of pe...

CVE-2023-27791HIGH8.1ten sam produkt

An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecur...

CVE-2023-27793HIGH7.8ten sam produkt

An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges...