CVE-2019-7751
published 2019-12-31


Priority: P262 high
CVSS 3.1: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
EXPLOIT
EPSS: 14.21% (96.1th percentile)
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution.

Affected

1 range
Vendor | Product | Version range | Fixed in
ricoh | fusionpro_vdp | < 10.0 | 10.0

Detection & IOCs (extracted from sources)

filename: FPProducerInternetServer.exe
path: C:\Windows\SysWOW64\FPProducerInternetServer.exe
port: 8080
path: /Windows/System32/drivers/etc/hosts
  • Monitor HTTP GET requests to port 8080 on hosts running FusionPro VDP Creator for path traversal patterns targeting sensitive Windows files (e.g. /windows/system32/, /windows/system32/config/SAM, /windows/system32/config/SYSTEM). Forward slashes are used instead of backslashes.
  • Alert on attempts to retrieve SAM and SYSTEM database files via the FPProducerInternetServer.exe service, as these can be used for privilege escalation or credential dumping.
  • Check for the presence and running state of the Windows service named 'FusionPro Internet Request Handler' as an indicator of an exposed vulnerable endpoint.
  • Versions 10.0 and 10.1 may also be affected despite vendor claims of access restrictions since v9.3; do not assume patched status based solely on version number.
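
The monitoring and alerting checks above can be run over HTTP request logs. The following is an added example, not code from the vendor or from this database; the log layout, the sample lines and the benign `/jobs/status` path are constructed, and the port and file paths are the ones listed on this page.

```python
import re
from urllib.parse import unquote

# Assumed log layout (constructed; adapt to your proxy or sensor):
# <timestamp> <src_ip> <dst_ip>:<dst_port> "<METHOD> <target> HTTP/x" <status>
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[^\s:]+):(?P<port>\d+) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)
CRED_DB_RE = re.compile(r"/windows/system32/config/(sam|system)(\.|/|$)")
SYSTEM_DIR = "/windows/system32/"
FUSIONPRO_PORT = 8080  # port listed on this page


def normalize(target: str) -> str:
    """Drop the query, percent-decode, unify slashes, lowercase."""
    path = target.split("?", 1)[0]
    for _ in range(3):  # bounded repeat so nested encoding is also decoded
        path = unquote(path)
    return re.sub(r"/+", "/", path.replace("\\", "/")).lower()


def classify(line: str):
    """Return (severity, src, status, path) for a suspicious GET, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "GET" or int(m["port"]) != FUSIONPRO_PORT:
        return None
    path = normalize(m["target"])
    if CRED_DB_RE.search(path):  # SAM / SYSTEM hive: credential exposure
        return ("critical", m["src"], int(m["status"]), path)
    if SYSTEM_DIR in path:  # any other file under System32
        return ("high", m["src"], int(m["status"]), path)
    return None


def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    '2020-01-02T10:00:01Z 198.51.100.7 192.0.2.10:8080 "GET /jobs/status HTTP/1.1" 200',
    '2020-01-02T10:00:05Z 198.51.100.7 192.0.2.10:8080 "GET /Windows/System32/drivers/etc/hosts HTTP/1.1" 200',
    '2020-01-02T10:00:09Z 198.51.100.7 192.0.2.10:8080 "GET /windows/system32/config/SAM HTTP/1.1" 200',
    '2020-01-02T10:00:20Z 198.51.100.7 192.0.2.10:443 "GET /windows/system32/config/SAM HTTP/1.1" 404',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The status code is kept in each hit so that a 200 response on a SAM or SYSTEM request can be triaged as a likely successful read rather than a probe.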

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N