Kramerav: >> Viaware Security Vulnerabilities
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
CVSS Score
9.8
EPSS Score
0.917
Published
2021-08-31
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
CVSS Score
9.8
EPSS Score
0.805
Published
2021-07-12
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.238
Published
2019-10-09