CVE-2019-19893

HIGH

IXP EasyInstall 6.2.13723 - Unauthenticated Path Traversal via Engine Service

Title source: llm
STIX 2.1

Description

In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0255
EPSS Percentile 83.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
ixpdata/easyinstall 6.2.13723
Published Jan 23, 2020
Tracked Since Feb 18, 2026