CVE-2019-19458
published 2019-12-03CVE-2019-19458: SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
PriorityP345high8.6CVSS 3.1
AVNACLPRNUINSCCHINAN
EPSS
2.79%
84.6th percentile
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltosystem | proaccess_space | <= 5.5 | — |
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vg44-7gqv-2h5h: SALTO ProAccess SPACE 5
ghsa_unreviewed·2022-05-24
CVE-2019-19458 [HIGH] CWE-22 GHSA-vg44-7gqv-2h5h: SALTO ProAccess SPACE 5
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
GHSA
GHSA-v5mw-2gc6-7h62: An issue was discovered in SALTO ProAccess SPACE 5
ghsa_unreviewed·2022-05-24·CVSS 8.6
CVE-2019-19460 [HIGH] GHSA-v5mw-2gc6-7h62: An issue was discovered in SALTO ProAccess SPACE 5
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
GHSA
GHSA-pm2v-2gwc-36m2: An issue was discovered in SALTO ProAccess SPACE 5
ghsa_unreviewed·2022-05-24·CVSS 8.6
CVE-2019-19459 [HIGH] CWE-20 GHSA-pm2v-2gwc-36m2: An issue was discovered in SALTO ProAccess SPACE 5
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://packetstormsecurity.com/files/155525/SALTO-ProAccess-SPACE-5.5-Traversal-File-Write-XSS-Bypass.htmlhttps://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-salto-proaccess-space/https://packetstormsecurity.com/files/155525/SALTO-ProAccess-SPACE-5.5-Traversal-File-Write-XSS-Bypass.htmlhttps://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-salto-proaccess-space/
2019-12-03
Published