Vulnerability Description
EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\EPP device are not properly protected, leading to unintended impersonation or object creation. This vulnerability has been fixed in version 2018.12 and later.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emsisoft | Anti-Malware | <= 2018.12 |
References
- https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisof (Release Notes, Vendor Advisory)
- https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-01-09-emsisof (Exploit, Third Party Advisory)
- https://help.emsisoft.com/en/1760/vulnerability-report-en/ (Vendor Advisory)
- https://nafiez.github.io/security/bypass/2019/01/08/emsisoft-Anti-Malware-bypass (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-7651?
CVE-2019-7651 is a vulnerability with a CVSS score of 7.5 (HIGH). EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories...
How severe is CVE-2019-7651?
CVE-2019-7651 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-7651?
Check the references section above for vendor advisories and patch information. Affected products include: Emsisoft Anti-Malware.