#VU29312 Permissions, Privileges, and Access Controls in ENTTEC products - CVE-2019-12777
Published: June 26, 2020
Vulnerability identifier: #VU29312
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-12777
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Datagate Mk2
Storm 24
Pixelator
E-Streamer Mk2
Datagate Mk2
Storm 24
Pixelator
E-Streamer Mk2
Software vendor:
ENTTEC
ENTTEC
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to the system replaces permissions by the underlying operating system with highly insecure read, write, and execute directory permissions for all users. A remote authenticated attacker can gain elevated privileges on the target system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.