Vulnerability Description
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Code42 | Code42 | <= 7.0.2 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://code42.com/r/support/CVE-2019-16861Vendor Advisory
- https://support.code42.com/Terms_and_conditions/Code42_customer_support_resourceVendor Advisory
- https://code42.com/r/support/CVE-2019-16861Vendor Advisory
- https://support.code42.com/Terms_and_conditions/Code42_customer_support_resourceVendor Advisory
FAQ
What is CVE-2019-16861?
CVE-2019-16861 is a vulnerability with a CVSS score of 7.3 (HIGH). Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The ...
How severe is CVE-2019-16861?
CVE-2019-16861 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16861?
Check the references section above for vendor advisories and patch information. Affected products include: Code42 Code42, Microsoft Windows.