PT-2019-13107 · Extenua · Silvershield

Published

2019-08-17

Updated

2020-08-24

CVE-2019-13069

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions extenua SilverSHielD versions 6.x

Description The issue allows for Local Privilege Escalation to SYSTEM. An attacker can exploit this by replacing SilverShield.config.sqlite with a modified version that includes an additional user account. The attacker must then use SSH and port forwarding to access a service on 127.0.0.1.

Recommendations For extenua SilverSHielD versions 6.x, consider restricting access to the ProgramData folder and the SilverShield.config.sqlite file to prevent unauthorized modifications. As a temporary workaround, restrict SSH access and port forwarding to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-13069

Affected Products

Silvershield

PT-2019-13107 · Extenua · Silvershield

CVE-2019-13069

Weakness Enumeration

Related Identifiers

Affected Products

References · 5