cbcvebase.
CVE-2019-13551
published 2019-10-31

CVE-2019-13551: Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.91%
91.0th percentile
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.

Affected

2 ranges
VendorProductVersion rangeFixed in
advantechwise-paas_rmm<= 3.3.29
advantech_wise-paasrmm

Detection & IOCsextracted from sources · hover to see the quote

port1880/TCP
  • CVE-2019-13551 is a path traversal vulnerability in Advantech WISE-PaaS/RMM versions 3.3.29 and prior. Detect exploitation attempts by monitoring for path traversal patterns in HTTP requests directed at the RMM platform, particularly those arriving on Port 1880/TCP.
  • The vulnerability is exploitable remotely with no authentication required (CVSS PR:N, UI:N). Monitor for unauthenticated remote requests to the WISE-PaaS/RMM service, especially those containing directory traversal sequences (e.g., '../') in file operation parameters.
  • Block or alert on all external/internet-facing access to Advantech WISE-PaaS/RMM instances. The advisory explicitly warns the product should not be accessible from the Internet.
  • ·Advantech phased out WISE-PaaS/RMM in July 2019; any remaining deployments of version 3.3.29 or prior are unpatched and permanently end-of-life. Detection should focus on identifying any surviving instances still running on the network.
  • ·No known public exploits specifically targeting CVE-2019-13551 were identified at the time of the advisory (October 2019), but the low skill level required and CVSS 9.8 score make it a high-priority detection target.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.