PT-2020-10290 · Ixp · Ixp Easyinstall

Published 2020-01-23 · Updated 2020-01-31 · CVE-2019-19897

CVSS v3.1: 10 (Critical)

Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

Name of the Vulnerable Software and Affected Versions

IXP EasyInstall version 6.2.13723

Description

The issue allows for Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051 and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function.

Recommendations

For IXP EasyInstall version 6.2.13723, as a temporary workaround, consider disabling the Agent Service or restricting access to TCP port 20051 until a patch is available. Avoid using the Execute Command Line function in the Agent Service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2019-19897

Affected Products

Ixp Easyinstall