ГлавнаяУязвимости → CVE-2019-25747
7.8высокая

CVE-2019-25747

Описание

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.

CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.exploit-db.com/exploits/47584https://www.network-inventory-advisor.com/https://www.network-inventory-advisor.com/download.htmlhttps://www.vulncheck.com/advisories/network-inventory-advisor-unquoted-service-path-privilege-escalation