CVE-2019-18643

CRITICAL

9.8

Description

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/7/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

sparkdevnetwork:rock_rms

Faiblesses (CWE)

CWE-434

References

http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html(cve@mitre.org)

http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.