Vulnerability Description
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Saltosystem | Proaccess Space | <= 5.5 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/155525/SALTO-ProAccess-SPACE-5.5-TraversalThird Party AdvisoryVDB Entry
- https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-ExploitThird Party Advisory
- https://packetstormsecurity.com/files/155525/SALTO-ProAccess-SPACE-5.5-TraversalThird Party AdvisoryVDB Entry
- https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-ExploitThird Party Advisory
FAQ
What is CVE-2019-19459?
CVE-2019-19459 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that wil...
How severe is CVE-2019-19459?
CVE-2019-19459 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-19459?
Check the references section above for vendor advisories and patch information. Affected products include: Saltosystem Proaccess Space.