CVE-2019-19606

Опубликовано: 30 мар. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.

Ссылки

https://blog.0xlabs.com/2020/03/x-plane-1141-remote-command-execution.html
Exploit
Third Party Advisory
https://blog.0xlabs.com/2020/03/x-plane-1141-remote-command-execution.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:x-plane:x-plane:*:*:*:*:*:*:*:*

Версия до 11.41 (исключая)

EPSS

Процентиль: 63%

0.00453

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-2rqg-jxw5-fmmm

github

больше 3 лет назад

X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.