CVE-2019-19894

Name of the Vulnerable Software and Affected Versions IXP EasyInstall version 6.2.13723

Description The issue allows an authenticated attacker, who is a non-admin, to disable User Account Control (UAC) for other users. This can be achieved by renaming and replacing the %SYSTEMDRIVE%IXPDATAIXPAS.IXP file using the Agent Service on a client system.

Recommendations For IXP EasyInstall version 6.2.13723, consider restricting access to the Agent Service to prevent non-admin users from disabling UAC. Additionally, monitor and restrict modifications to the %SYSTEMDRIVE%IXPDATAIXPAS.IXP file to minimize the risk of exploitation.