CVE-2019-19459

CRITICAL

SALTO ProAccess SPACE 5.4.3.0 - Code Injection

Title source: llm
STIX 2.1

Description

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.

Scores

CVSS v3 9.8
EPSS 0.0351
EPSS Percentile 87.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
saltosystem/proaccess_space < 5.5
Published Dec 03, 2019
Tracked Since Feb 18, 2026