CVE-2019-19895 Information

Description

In IXP EasyInstall 6.2.13723 there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can by modifying SYSTEMDRIVE\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat achieve this movement and execute code in the context of other users.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8