Untrusted search path in Ghidra - CVE-2019-17664
Published: October 27, 2019 / Updated: January 6, 2023
Vulnerability identifier: #VU22307
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-17664
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: National Security Agency
Affected software:
Ghidra
Ghidra
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to Java process uses the current working directory for launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option. A local user who can place malicious files on the system and trick the victim to run Ghidrafrom the specific directory can execute the cmd.exe program from this working directory with privileges of the current user.
How to mitigate CVE-2019-17664
Install update from vendor's website.