Multiple vulnerabilities in IXP EasyInstall
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2019-19898 CVE-2019-19894 CVE-2019-19893 CVE-2019-19896 CVE-2019-19897 CVE-2019-19895 |
| CWE-ID | CWE-319 CWE-20 CWE-22 CWE-276 CWE-94 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
EasyInstall Client/Desktop applications / Other client software |
| Vendor | IXP Data |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Cleartext transmission of sensitive information
EUVDB-ID: #VU24774
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19898
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information to the IXP server instance during login. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEasyInstall: 6.2.13723
External linkshttp://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU24773
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19894
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to temporarily disable UAC.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker can disable UAC for other users by renaming and replacing "%SYSTEMDRIVE%IXPDATAIXPAS.IXP".
MitigationInstall updates from vendor's website.
Vulnerable software versionsEasyInstall: 6.2.13723
External linkshttp://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU24772
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19893
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences on TCP port 8000 via the Engine Service. A remote attacker, who can access the server's filesystem with the access rights of "NT AUTHORITYSYSTEM", can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEasyInstall: 6.2.13723
External linkshttp://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Incorrect default permissions
EUVDB-ID: #VU24771
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19896
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows
modification of directories and files (e.g., bat-scripts), which allows remote authenticated attacker to execute arbitrary code in the context of "NT AUTHORITYSYSTEM" on the target
server and clients.
Install updates from vendor's website.
Vulnerable software versionsEasyInstall: 6.2.13723
External linkshttp://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Code Injection
EUVDB-ID: #VU24770
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19897
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Agent Service. A remote attacker can communicate with the Agent Service over TCP port 20051 and execute arbitrary code in the "NT AUTHORITYSYSTEM" context of the target system by using the Execute Command Line function.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEasyInstall: 6.2.13723
External linkshttp://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU24769
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19895
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the Lateral Movement (using the Agent Service) against other users on a client system. A remote authenticated attacker can modify "%SYSTEMDRIVE%IXPSW[PACKAGE_CODE]EveryLogon.bat" to achieve this movement and execute code in the context of other users.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEasyInstall: 6.2.13723
External linkshttp://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
