CVE-2019-7669

Published: Jul 1, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges.

Affected (1)

Products: Primasystems: Flexair

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Primasystems Flexair	Up to 2.3.38

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (8)

http://packetstormsecurity.com/files/155270/FlexAir-Access-Control-2.3.38-Command-Injection.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://applied-risk.com/labs/advisories

Source: cve@mitre.org

Third Party Advisory

https://www.applied-risk.com/resources/ar-2019-007

Source: cve@mitre.org

Third Party Advisory

https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://packetstormsecurity.com/files/155270/FlexAir-Access-Control-2.3.38-Command-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://applied-risk.com/labs/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.applied-risk.com/resources/ar-2019-007

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.