CVE-2019-7588

Name of the Vulnerable Software and Affected Versions exacqVision Enterprise System Manager (ESM) versions 5.12.2 and prior

Description A vulnerability in the exacqVision Enterprise System Manager (ESM) allows unauthorized privilege escalation. This issue impacts ESM running on a Windows operating system, where authorized users have 'modify' permission to the ESM folders. A low-privilege account can modify files in these directories, rename and replace an executable with a malicious file, and potentially achieve system-level privileges upon system restart.

Recommendations For versions 5.12.2 and prior, consider restricting access to the ESM folders to prevent low-privilege accounts from modifying files, and avoid restarting the system until a fix is applied. As a temporary workaround, consider monitoring system restarts and executable files in the ESM directories for any malicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.