1. Home
  2. CVE Database
  3. CVE-2019-17445
MEDIUM · 5.5

CVE-2019-17445

An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the...

Vulnerability Description

An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
EracentEda Agent<= 10.2.26
EracentEpa Agent<= 10.2.26
EracentEpm Agent<= 10.2.26
EracentEua Agent<= 10.2.26
EracentFlw Agent<= 10.2.26
EracentSum Agent<= 10.2.26
LinuxLinux Kernel-

Related Weaknesses (CWE)

CWE-59

References

FAQ

What is CVE-2019-17445?

CVE-2019-17445 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the...

How severe is CVE-2019-17445?

CVE-2019-17445 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-17445?

Check the references section above for vendor advisories and patch information. Affected products include: Eracent Eda Agent, Eracent Epa Agent, Eracent Epm Agent, Eracent Eua Agent, Eracent Flw Agent.