Vulnerability Details CVE-2019-19470
Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://gist.github.com/pylorak/7df52c9325614676e07782dbe4e81582
- https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-62#post-2882843
- https://gist.github.com/pylorak/7df52c9325614676e07782dbe4e81582
- https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-62#post-2882843
Products affected by CVE-2019-19470
-
cpe:2.3:a:tinywall:tinywall:1.0.0
-
cpe:2.3:a:tinywall:tinywall:1.0.1
-
cpe:2.3:a:tinywall:tinywall:1.0.2
-
cpe:2.3:a:tinywall:tinywall:1.0.3
-
cpe:2.3:a:tinywall:tinywall:1.0.4
-
cpe:2.3:a:tinywall:tinywall:2.0.0
-
cpe:2.3:a:tinywall:tinywall:2.0.1
-
cpe:2.3:a:tinywall:tinywall:2.1.0
-
cpe:2.3:a:tinywall:tinywall:2.1.1
-
cpe:2.3:a:tinywall:tinywall:2.1.10
-
cpe:2.3:a:tinywall:tinywall:2.1.11
-
cpe:2.3:a:tinywall:tinywall:2.1.12
-
cpe:2.3:a:tinywall:tinywall:2.1.2
-
cpe:2.3:a:tinywall:tinywall:2.1.3
-
cpe:2.3:a:tinywall:tinywall:2.1.4
-
cpe:2.3:a:tinywall:tinywall:2.1.5
-
cpe:2.3:a:tinywall:tinywall:2.1.6
-
cpe:2.3:a:tinywall:tinywall:2.1.7
-
cpe:2.3:a:tinywall:tinywall:2.1.8
-
cpe:2.3:a:tinywall:tinywall:2.1.9