CVE-2019-9163: Code Injection
First published: Wed Apr 01 2020(Updated: )
The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Marchnetworks Command Client | <2.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-9163?
CVE-2019-9163 is a vulnerability in the connection initiation process of March Networks Command Client before version 2.7.2 that allows remote attackers to execute arbitrary code via crafted XAML objects.
What is the severity of CVE-2019-9163?
CVE-2019-9163 has a severity rating of 9.8, which is considered critical.
How does CVE-2019-9163 affect March Networks Command Client?
CVE-2019-9163 affects March Networks Command Client versions up to and excluding 2.7.2.
How can the vulnerability CVE-2019-9163 be exploited?
The vulnerability CVE-2019-9163 can be exploited by remote attackers who send crafted XAML objects during the connection initiation process.
Is there a fix for CVE-2019-9163?
Yes, the fix for CVE-2019-9163 is to update March Networks Command Client to version 2.7.2 or later.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/tags
- agent/event
- agent/references
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/marchnetworks
- canonical/marchnetworks command client