CVE-2019-19460
Severity: MEDIUM
SALTO ProAccess SPACE 5.4.3.0 - Privilege Escalation
Title source: llm
Description
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
References (2)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/155525/SALTO-ProAccess-SPACE-5.5-Traversal-File-Write-XSS-Bypass.html
Exploit, Third Party Advisory x_refsource_misc
https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-salto-proaccess-space/
Scores
CVSS v3: 5.5
EPSS: 0.0042
EPSS Percentile: 33.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-276
Status: published
Products (1): saltosystem/proaccess_space < 5.5
Published: Dec 03, 2019
Tracked Since: Feb 18, 2026