HIGH · 7.8

CVE-2019-18631

Vulnerability Description

The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor      Product                       Versions
Centrify    Authentication Service        3.4.0
Centrify    Infrastructure Services       18.8
Centrify    Privilege Elevation Service   3.4.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-18631?

CVE-2019-18631 is a vulnerability with a CVSS score of 7.8 (HIGH). The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecifi...

How severe is CVE-2019-18631?

CVE-2019-18631 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2019-18631?

Check the references section above for vendor advisories and patch information. Affected products include: Centrify Authentication Service, Centrify Infrastructure Services, Centrify Privilege Elevation Service.