← Volver a CVEs
CVE-2019-19897
CRITICAL9.8
Descripcion
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/23/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
ixpdata:easyinstall
Debilidades (CWE)
CWE-78
Referencias
https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software(cve@mitre.org)
https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.