Vulnerability Details CVE-2019-7669
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.358
EPSS Ranking 97.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/155270/FlexAir-Access-Control-2.3.38-Command-Injection.html
- https://applied-risk.com/labs/advisories
- https://www.applied-risk.com/resources/ar-2019-007
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02
- http://packetstormsecurity.com/files/155270/FlexAir-Access-Control-2.3.38-Command-Injection.html
- https://applied-risk.com/labs/advisories
- https://www.applied-risk.com/resources/ar-2019-007
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02
Products affected by CVE-2019-7669
-
cpe:2.3:a:primasystems:flexair:2.3.38