Path Traversal in Ixpdata Easyinstall
CVE-2019-19893
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.025 (83.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Ixpdata Easyinstall — versions 6.2.13723
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-19893?
- CVE-2019-19893 is a high-severity vulnerability in Ixpdata Easyinstall, classified under Path Traversal. CVSS score: 7.5/10. Published 2020-01-23.
- How severe is CVE-2019-19893?
- High severity. CVSS v3 base score is 7.5 out of 10.