10
CVE-2019-11526
- EPSS 0.35%
- Veröffentlicht 10.10.2019 19:15:10
- Zuletzt bearbeitet 21.11.2024 04:21:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Softing ≫ Uagate Si Firmware Version1.60.01
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.565 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.