PT-2019-3284 · Yokogawa · Exarqe+7

Published 2019-09-27 · Updated 2020-01-08 · CVE-2019-6008

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Exaopc versions R1.01.00 through R3.77.00
Exaplog versions R1.10.00 through R3.40.00
Exaquantum versions R1.10.00 through R3.02.00 and version R3.15.00
Exaquantum/Batch versions R1.01.00 through R2.50.40
Exasmoc all revisions
Exarqe all revisions
GA10 versions R1.01.01 through R3.05.01
InsightSuiteAE versions R1.01.00 through R1.06.00

Description

The issue is caused by an unquoted search path in the affected software, allowing local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges. This occurs because the path to the executable file contains spaces and is not enclosed in quotes, making it vulnerable to exploitation.

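An added example (not from this advisory or from Yokogawa): a Python check that flags service command lines with the condition described above, an executable path that contains spaces and is not enclosed in quotes, and returns the quoted form for each. The service names, paths and environment-variable defaults are constructed for illustration; it assumes the strings would come from each Windows service's ImagePath registry value on a real host.

```python
import re

# Constructed sample ImagePath values (not taken from the advisory or any Yokogawa product).
SAMPLE_SERVICES = {
    "ExampleHistorian": r"C:\Program Files\Example Vendor\Historian\histsvc.exe -service",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --run',
    "ExampleNoSpace": r"C:\Tools\collector.exe /s",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
    "ExampleEnv": r"%ProgramFiles%\ExampleVendor\sync.exe -d",
}
# Assumed default expansions; a real audit would read them from the host's environment.
ASSUMED_ENV = {"programfiles": r"C:\Program Files", "systemroot": r"C:\Windows"}
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def expand(s):
    """Expand %VAR% references using ASSUMED_ENV; unknown variables are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: ASSUMED_ENV.get(m.group(1).lower(), m.group(0)), s)

def split_image_path(image_path):
    """Return (executable, arguments) from a service ImagePath string."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:  # unbalanced quote: treat the rest as the executable
            return s[1:], ""
        return s[1:end], s[end + 1:].strip()
    m = _EXE_END.search(s)  # unquoted: the executable ends at the first program extension
    return (s[:m.end()], s[m.end():].strip()) if m else (s, "")

def is_unquoted_with_spaces(image_path):
    """True when the executable path has spaces (after expansion) and no enclosing quotes."""
    if image_path.strip().startswith('"'):
        return False
    exe, _ = split_image_path(image_path)
    return " " in expand(exe)

def quoted_form(image_path):
    """Return the same command line with the executable path enclosed in quotes."""
    exe, args = split_image_path(image_path)
    return f'"{exe}" {args}' if args else f'"{exe}"'

def audit(services):
    """Map each flagged service name to its corrected, quoted command line."""
    return {n: quoted_form(p) for n, p in sorted(services.items()) if is_unquoted_with_spaces(p)}

if __name__ == "__main__":
    for name, fix in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; quoted form: {fix}")
```

The `ExampleEnv` entry is flagged only after expansion, because the literal string has no space until `%ProgramFiles%` is resolved.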
Recommendations

For Exaopc versions R1.01.00 through R3.77.00, consider disabling the service until a patch is available to prevent exploitation.
For Exaplog versions R1.10.00 through R3.40.00, restrict access to the executable file to minimize the risk of exploitation.
For Exaquantum versions R1.10.00 through R3.02.00 and version R3.15.00, avoid using the vulnerable service until the issue is resolved.
For Exaquantum/Batch versions R1.01.00 through R2.50.40, consider applying configuration changes to prevent the exploitation of the unquoted search path.
For Exasmoc all revisions, Exarqe all revisions, GA10 versions R1.01.01 through R3.05.01, and InsightSuiteAE versions R1.01.00 through R1.06.00, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2019-03319
CVE-2019-6008

Affected Products

Exaopc
Exaplog
Exaquantum
Exaquantum/Batch
Exarqe
Exasmoc
GA10
InsightSuiteAE