Path Traversal in Ixpdata Easyinstall

CVE-2019-19893

In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.025 (83.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2019-19893?
CVE-2019-19893 is a high-severity vulnerability in Ixpdata Easyinstall, classified under Path Traversal. CVSS score: 7.5/10. Published 2020-01-23.
How severe is CVE-2019-19893?
High severity. CVSS v3 base score is 7.5 out of 10.