13 results (0.004 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-27791

https://notcve.org/view.php?id=CVE-2023-27791

19 Oct 2023 — An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. Un problema encontrado en IXP Data Easy Install 6.6.148840 permite a un atacante remoto escalar privilegios a través de PRNG inseguro. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-27792

https://notcve.org/view.php?id=CVE-2023-27792

19 Oct 2023 — An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. Un problema encontrado en IXP Data Easy Install v.6.6.14884.0 permite a un atacante escalar privilegios debido a la falta de permisos aplicados a los subdirectorios. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-862: Missing Authorization •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-27793

https://notcve.org/view.php?id=CVE-2023-27793

19 Oct 2023 — An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. Un problema descubierto en IXP Data Easy Install v.6.6.14884.0 permite a atacantes locales obtener privilegios elevados mediante una codificación débil de información confidencial. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-27795

https://notcve.org/view.php?id=CVE-2023-27795

19 Oct 2023 — An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. Un problema encontrado en IXP Data Easy Install v.6.6.14884.0 permite a un atacante local obtener privilegios a través de una clave XOR estática. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-30132

https://notcve.org/view.php?id=CVE-2023-30132

19 Oct 2023 — An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. Un problema descubierto en IXP Data EasyInstall 6.6.14907.0 permite a los atacantes obtener privilegios aumentados a través de una Clave Criptográfica estática. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-326: Inadequate Encryption Strength •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-30131

https://notcve.org/view.php?id=CVE-2023-30131

19 Oct 2023 — An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. Un problema descubierto en IXP EasyInstall 6.6.14884.0 permite a los atacantes ejecutar comandos arbitrarios, obtener privilegios elevados y causar otros impactos no especificados a través de llamadas API no autenticadas. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-35120

https://notcve.org/view.php?id=CVE-2022-35120

01 Dec 2022 — IXPdata EasyInstall 6.6.14725 contains an access control issue. IXPdata EasyInstall 6.6.14725 contiene un problema de control de acceso. • https://la.rsbir.ch/CVE-2022-35120.pdf • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-19893

https://notcve.org/view.php?id=CVE-2019-19893

23 Jan 2020 — In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. En IXP EasyInstall versión 6.2.13723, se presenta un Salto de Directorio en el puerto TCP 8000 por medio del Engine Service por parte de un atacante no autenticado, que puede acceder al sistema de archivos del servidor con los derechos de acceso de la cuenta NT AUTHORITY\SYSTEM. • https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-19894

https://notcve.org/view.php?id=CVE-2019-19894

23 Jan 2020 — In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP. En IXP EasyInstall versión 6.2.13723, es posible deshabilitar temporalmente UAC mediante el uso del Agent Service en un sistema cliente. Un atacante autenticado (no administrador) puede deshabilitar UAC para otros usuarios al renombrar y reemplazar %SYSTEMDRIVE%\... • https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-19895

https://notcve.org/view.php?id=CVE-2019-19895

23 Jan 2020 — In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users. En IXP EasyInstall versión 6.2.13723, se presenta un Movimiento Lateral (usando el Agent Service) contra otros usuarios en un sistema cliente. Un atacante autenticado puede, al modificar %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\E... • https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software • CWE-732: Incorrect Permission Assignment for Critical Resource •