CVE-2019-19897 Information
Share on:
Feb 14, 2021
cve
Description
In IXP EasyInstall 6.2.13723 there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051 and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8