CVE-2019-20456 — HIGH (7.8)

Q: How severe is CVE-2019-20456?

CVE-2019-20456 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-20456?

Check the references section above for vendor advisories and patch information. Affected products include: Goverlan Client Agent, Goverlan Reach Console, Goverlan Reach Server, Microsoft Windows.

Vulnerability Description

Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Goverlan	Client Agent	< 9.20.50
Goverlan	Reach Console	< 9.50
Goverlan	Reach Server	< 3.50
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-426

References

https://www.goverlan.com/knowledge/article/security-advisory-govsa-2019-1028-1-lVendor Advisory
https://www.goverlan.com/knowledge/article/security-advisory-govsa-2019-1028-1-lVendor Advisory

FAQ

What is CVE-2019-20456?

CVE-2019-20456 is a vulnerability with a CVSS score of 7.8 (HIGH). Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escala...

How severe is CVE-2019-20456?

CVE-2019-20456 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-20456?

Check the references section above for vendor advisories and patch information. Affected products include: Goverlan Client Agent, Goverlan Reach Console, Goverlan Reach Server, Microsoft Windows.