CVE-2019-7590

Name of the Vulnerable Software and Affected Versions Exacq Technologies, Inc. exacqVision Server versions 9.6; 9.8

Description The ExacqVision Server has an issue with unquoted service paths in its services, including 'exacqVisionServer', 'dvrdhcpserver', and 'mdnsresponder'. This could allow an authenticated user to potentially execute code during application startup if they can insert code in the system root path, leading to a possible elevation of privileges on the system.

Recommendations For Exacq Technologies, Inc. exacqVision Server version 9.6, update to a version that fixes this issue. For Exacq Technologies, Inc. exacqVision Server version 9.8, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the system root path to prevent potential code execution during application startup.