PT-2019-15760 · Titanhq · Webtitan

Published

2019-12-02

Updated

2020-08-24

CVE-2019-19019

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TitanHQ WebTitan versions prior to 5.18

Description An issue was discovered that allows for Remote Code Execution, enabling an attacker to execute arbitrary code as root. This issue stems from the hotfix download mechanism, which downloads a shell script via HTTP and then executes it as root.

Recommendations For versions prior to 5.18, update to version 5.18 or later to resolve the issue. As a temporary workaround, consider disabling the hotfix download mechanism until a patch is available. Restrict access to the hotfix download feature to minimize the risk of exploitation.

Exploit

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

CVE-2019-19019

Affected Products

Webtitan

PT-2019-15760 · Titanhq · Webtitan

CVE-2019-19019

Weakness Enumeration

Related Identifiers

Affected Products

References · 4