CVE-2019-13637

EPSS 1.33%
Veröffentlicht 17.07.2019 21:15:11
Zuletzt bearbeitet 21.11.2024 04:25:24
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Logmeininc ≫ Join.Me SwPlatformwindows Version < 3.16.0.5505

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.33%	0.793

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://github.com/active-labs/Advisories/blob/master/ACTIVE-2019-009.md

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-13637

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13637

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13637

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-13637