CVE-2019-7590

ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.

CVSS v3 6.7 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/109307	Third Party Advisory VDB Entry
https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341	Patch Third Party Advisory
https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	Mitigation Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-199-01	Third Party Advisory US Government Resource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php	Third Party Advisory
http://www.securityfocus.com/bid/109307	Third Party Advisory VDB Entry
https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341	Patch Third Party Advisory
https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	Mitigation Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-199-01	Third Party Advisory US Government Resource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:johnsoncontrols:exacqvision_server:9.6:::::::*
	cpe:2.3:a:johnsoncontrols:exacqvision_server:9.8:::::::*

History

21 Nov 2024, 04:48

Type	Values Removed	Values Added
CVSS	v2 : ~~4.6~~ v3 : ~~7.8~~	v2 : 4.6 v3 : 6.7
References	~~() http://www.securityfocus.com/bid/109307 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/109307 - Third Party Advisory, VDB Entry
References	~~() https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341 - Patch, Third Party Advisory~~	() https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341 - Patch, Third Party Advisory
References	~~() https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry~~	() https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Mitigation, Vendor Advisory~~	() https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Mitigation, Vendor Advisory
References	~~() https://www.us-cert.gov/ics/advisories/icsa-19-199-01 - Third Party Advisory, US Government Resource~~	() https://www.us-cert.gov/ics/advisories/icsa-19-199-01 - Third Party Advisory, US Government Resource
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php - Third Party Advisory~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php - Third Party Advisory

Information

Published : 2019-07-19 21:15

Updated : 2024-11-21 04:48

NVD link : CVE-2019-7590

Mitre link : CVE-2019-7590

CVE.ORG link : CVE-2019-7590

JSON object : View

Products Affected

johnsoncontrols

exacqvision_server

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2019-7590", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "productsecurity@jci.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-07-19T21:15:11.507", "references": [{"url": "http://www.securityfocus.com/bid/109307", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productsecurity@jci.com"}, {"url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341", "tags": ["Patch", "Third Party Advisory"], "source": "productsecurity@jci.com"}, {"url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "productsecurity@jci.com"}, {"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["Mitigation", "Vendor Advisory"], "source": "productsecurity@jci.com"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "productsecurity@jci.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php", "tags": ["Third Party Advisory"], "source": "productsecurity@jci.com"}, {"url": "http://www.securityfocus.com/bid/109307", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productsecurity@jci.com", "description": [{"lang": "en", "value": "CWE-428"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "ExacqVision Server\u2019s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4."}, {"lang": "es", "value": "Los servicios de exacqVision Server 'exacqVisionServer', 'dvrdhcpserver' y 'mdnsresponder' tienen una ruta de servicio sin comillas. Si un usuario autenticado puede insertar c\u00f3digo en la ruta ra\u00edz de su sistema, puede ejecutarse potencialmente durante el inicio de la aplicaci\u00f3n. Esto podr\u00eda permitir al usuario autenticado elevar los privilegios en el sistema. Este problema afecta a: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8 Este problema no afecta: Exacq Technologies, Inc. exacqVision Server versi\u00f3n 9.4 y versiones anteriores; 19.03. No se sabe si este problema afecta: Exacq Technologies, Inc. exacqVision Server versiones anteriores a 8.4"}], "lastModified": "2024-11-21T04:48:23.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:johnsoncontrols:exacqvision_server:9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6F79193-B536-4D53-9EB7-38343B9125E0"}, {"criteria": "cpe:2.3:a:johnsoncontrols:exacqvision_server:9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06B0C8B6-ECE0-44E9-9AA6-50D7491024AC"}], "operator": "OR"}]}], "sourceIdentifier": "productsecurity@jci.com"}

6.7 /10