First published: Wed Apr 01 2020(Updated: )
The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Marchnetworks Command Client | <2.7.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-9163 is a vulnerability in the connection initiation process of March Networks Command Client before version 2.7.2 that allows remote attackers to execute arbitrary code via crafted XAML objects.
CVE-2019-9163 has a severity rating of 9.8, which is considered critical.
CVE-2019-9163 affects March Networks Command Client versions up to and excluding 2.7.2.
The vulnerability CVE-2019-9163 can be exploited by remote attackers who send crafted XAML objects during the connection initiation process.
Yes, the fix for CVE-2019-9163 is to update March Networks Command Client to version 2.7.2 or later.