PT-2019-12355 · Softing · Uagate Si

Djo · Published 2019-10-10 · Updated 2021-07-21 · CVE-2019-11526

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Softing uaGate SI version 1.60.01

Description: An issue was discovered that allows file path injection via a maintenance script executable with sudo privileges. This enables an attacker to write files with superuser privileges in specific locations.

Recommendations: For Softing uaGate SI version 1.60.01, consider restricting access to the maintenance script to prevent exploitation until a fix is available. As a temporary workaround, limit the use of sudo privileges for the script to minimize the risk of file path injection.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers: CVE-2019-11526

Affected Products: Uagate Si