CVE-2019-19893
HIGHIXP EasyInstall 6.2.13723 - Unauthenticated Path Traversal via Engine Service
Title source: llmDescription
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Scores
CVSS v3
7.5
EPSS
0.0255
EPSS Percentile
83.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
ixpdata/easyinstall
6.2.13723
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026