CVE-2019-19606
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.
X-Plane en versiones anteriores a la 11.41, presenta múltiples comprobaciones de ruta inapropiadas que podrían permitir leer y escribir archivos desde y hacia rutas arbitrarias (o una fuga de credenciales del Sistema Operativo hacia un sistema remoto) mediante paquetes de red diseñados. Esto podría ser usado para ejecutar comandos arbitrarios sobre el sistema.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-05 CVE Reserved
- 2020-03-30 CVE Published
- 2024-03-06 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://blog.0xlabs.com/2020/03/x-plane-1141-remote-command-execution.html | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|