CVE-2019-19893 Information

Description

In IXP EasyInstall 6.2.13723 there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker who can access the server’s filesystem with the access rights of NT AUTHORITY\SYSTEM.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5