CVE-2019-17445

Published: Nov 22, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.

Affected (6)

Products: Eracent: Eda Agent, Epa Agent, Epm Agent, Eua Agent, Flw Agent, Sum Agent

6 products

Configuration A

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Eracent Eda Agent	Up to 10.2.26
Eracent Epa Agent	Up to 10.2.26
Eracent Epm Agent	Up to 10.2.26
Eracent Eua Agent	Up to 10.2.26
Eracent Flw Agent	Up to 10.2.26
Eracent Sum Agent	Up to 10.2.26

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

https://eracent.com/security-bulletin-cve-2019-17445/

Source: cve@mitre.org

Vendor Advisory

https://eracent.com/security-bulletin-cve-2019-17445/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.