Vulnerability Details CVE-2019-13069
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2019-13069
-
cpe:2.3:a:extenua:silvershield:6.0
-
cpe:2.3:a:extenua:silvershield:6.1.10.140
-
cpe:2.3:a:extenua:silvershield:6.1.11.141
-
cpe:2.3:a:extenua:silvershield:6.1.12.142
-
cpe:2.3:a:extenua:silvershield:6.1.14.144
-
cpe:2.3:a:extenua:silvershield:6.1.4.134
-
cpe:2.3:a:extenua:silvershield:6.1.5.135
-
cpe:2.3:a:extenua:silvershield:6.1.6.136
-
cpe:2.3:a:extenua:silvershield:6.1.7.137
-
cpe:2.3:a:extenua:silvershield:6.1.8.138
-
cpe:2.3:a:extenua:silvershield:6.1.9.139