CVE-2019-19897
CRITICALIXP EasyInstall 6.2.13723 - Unauthenticated Remote Code Execution via Agent Service Execute Command Line Function
Title source: llmDescription
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software
Scores
CVSS v3
9.8
EPSS
0.0556
EPSS Percentile
91.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
ixpdata/easyinstall
6.2.13723
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026