cbcvebase.
CVE-2019-17124
published 2019-10-09

CVE-2019-17124: Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
23.12%
97.5th percentile
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

Affected

11 ranges
VendorProductVersion rangeFixed in
krameravviaware<= 2021-08
krameravviaware
msrcmicrosoft_365_apps_for_enterprise_for_32-bit_systems
msrcmicrosoft_365_apps_for_enterprise_for_64-bit_systems
msrcmicrosoft_office_2019_for_32-bit_editions
msrcmicrosoft_office_2019_for_64-bit_editions
msrcmicrosoft_office_2019_for_mac
msrcmicrosoft_powerpoint_2010_service_pack_2
msrcmicrosoft_powerpoint_2013_rt_service_pack_1
msrcmicrosoft_powerpoint_2013_service_pack_1
msrcmicrosoft_powerpoint_2016

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://<host>/admin/login.php
path/admin/login.php
  • Exploit authenticates to /admin/login.php via POST with form fields 'txtUserId', 'txtPwd', and 'btnOk' — monitor for POST requests to this endpoint, especially from unexpected source IPs or with default/weak credentials.
  • Exploit disables TLS certificate verification (verify=False) when communicating with the target — HTTPS traffic to the admin panel from clients ignoring certificate errors may indicate exploit activity.
  • The exploit uses a specific User-Agent string; monitor for this exact UA string in web server logs targeting Kramer VIAware admin endpoints.
  • After authentication, the exploit calls a 'writeCommand' and 'getResult' function against the host, indicating a web-based command execution interface is abused post-login — monitor for unusual command-like POST/GET parameters on the VIAware admin panel.
  • The CVE is described as Incorrect Access Control on Kramer VIAware 2.5.0719.1034 — patch or restrict access to the admin panel; flag any unauthenticated or low-privilege access to admin functionality.
  • ·The exploit was tested specifically on VIAware Go running Windows 10; behavior on other VIAware hardware/OS variants may differ.
  • ·The exploit targets only version 2.5.0719.1034; other versions are not confirmed vulnerable by this PoC.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck9.8CRITICAL
vendor_msrc7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.