PT-2019-14656 · Keeper · Keeper K5
Published: 2019-09-19 · Updated: 2021-07-21
CVE-2019-16398
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Keeper K5 versions 20.1.0.25 through 20.1.0.63
Description
The issue allows for remote code execution by inserting an SD card containing a specifically named file, zskj_script_run.sh, which can execute a reverse shell.
Recommendations
For Keeper K5 versions 20.1.0.25 through 20.1.0.63, consider disabling the execution of scripts from SD cards as a temporary mitigation measure until a patch is available. Restrict access to the device to minimize the risk of exploitation.
Exploit
Fix
Insufficient Verification of Data Authenticity
Weakness Enumeration
Related Identifiers
Affected Products
Keeper K5