First published: Tue Dec 03 2019(Updated: )
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Saltosystem Proaccess Space | <=5.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-19459 is critical with a severity value of 9.8.
CVE-2019-19459 is a vulnerability that allows an attacker to write arbitrary content to arbitrary files and execute arbitrary commands on the server.
SALTO ProAccess SPACE 5.4.3.0 up to version 5.5 is affected by CVE-2019-19459.
An attacker can exploit CVE-2019-19459 by writing arbitrary content to arbitrary files, such as files under the web root or .bat files used for auto start, and then executing arbitrary commands on the server.
Yes, you can find references for CVE-2019-19459 at the following links: [link1](https://packetstormsecurity.com/files/155525/SALTO-ProAccess-SPACE-5.5-Traversal-File-Write-XSS-Bypass.html), [link2](https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-salto-proaccess-space/)