Vulnerability Details CVE-2019-13551
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://www.us-cert.gov/ics/advisories/icsa-19-304-01
- https://www.zerodayinitiative.com/advisories/ZDI-19-935/
- https://www.zerodayinitiative.com/advisories/ZDI-19-941/
- https://www.zerodayinitiative.com/advisories/ZDI-19-950/
- https://www.zerodayinitiative.com/advisories/ZDI-19-958/
- https://www.us-cert.gov/ics/advisories/icsa-19-304-01
- https://www.zerodayinitiative.com/advisories/ZDI-19-935/
- https://www.zerodayinitiative.com/advisories/ZDI-19-941/
- https://www.zerodayinitiative.com/advisories/ZDI-19-950/
- https://www.zerodayinitiative.com/advisories/ZDI-19-958/
Products affected by CVE-2019-13551
-
cpe:2.3:a:advantech:wise-paas/rmm:-
-
cpe:2.3:a:advantech:wise-paas/rmm:3.3.29