CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27791
https://notcve.org/view.php?id=CVE-2023-27791
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. Un problema encontrado en IXP Data Easy Install 6.6.148840 permite a un atacante remoto escalar privilegios a través de PRNG inseguro. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35120
https://notcve.org/view.php?id=CVE-2022-35120
IXPdata EasyInstall 6.6.14725 contains an access control issue. IXPdata EasyInstall 6.6.14725 contiene un problema de control de acceso. • https://la.rsbir.ch/CVE-2022-35120.pdf • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19893
https://notcve.org/view.php?id=CVE-2019-19893
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. En IXP EasyInstall versión 6.2.13723, se presenta un Salto de Directorio en el puerto TCP 8000 por medio del Engine Service por parte de un atacante no autenticado, que puede acceder al sistema de archivos del servidor con los derechos de acceso de la cuenta NT AUTHORITY\SYSTEM. • https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19894
https://notcve.org/view.php?id=CVE-2019-19894
In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP. En IXP EasyInstall versión 6.2.13723, es posible deshabilitar temporalmente UAC mediante el uso del Agent Service en un sistema cliente. Un atacante autenticado (no administrador) puede deshabilitar UAC para otros usuarios al renombrar y reemplazar %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP. • https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19895
https://notcve.org/view.php?id=CVE-2019-19895
In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users. En IXP EasyInstall versión 6.2.13723, se presenta un Movimiento Lateral (usando el Agent Service) contra otros usuarios en un sistema cliente. Un atacante autenticado puede, al modificar %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, lograr este movimiento y ejecutar código en el contexto de otros usuarios. • https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software • CWE-732: Incorrect Permission Assignment for Critical Resource •