CVE-2019-7590 : What You Need to Know

Learn about CVE-2019-7590, a vulnerability in ExacqVision Server allowing privilege escalation. Find out affected versions, impact, and mitigation steps.

ExacqVision Server's services have an unquoted service path vulnerability that could allow an authenticated user to elevate privileges on the system.

Understanding CVE-2019-7590

This CVE involves a privilege escalation vulnerability in ExacqVision Server due to unquoted service paths.

What is CVE-2019-7590?

The vulnerability in ExacqVision Server allows an authenticated user to execute code during application startup, potentially gaining higher system privileges.

The Impact of CVE-2019-7590

        CVSS Base Score: 6.7 (Medium Severity)
        Attack Vector: Local
        Attack Complexity: High
        Privileges Required: Low
        User Interaction: Required
        Confidentiality Impact: High
        Integrity Impact: High
        Availability Impact: High

Technical Details of CVE-2019-7590

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The services of ExacqVision Server have unquoted service paths, allowing an authenticated user to potentially execute code during application startup.

Affected Systems and Versions

        Affected Versions: 9.6, 9.8
        Unaffected Versions: 9.4 and earlier, 19.03
        Impact on Versions Prior to 8.4: Unknown

Exploitation Mechanism

        Exploitation requires an authenticated user to place code in the system root path, where it may be executed during application startup.

Mitigation and Prevention

Protect your system from CVE-2019-7590 with the following steps:

Immediate Steps to Take

        Upgrade to exacqVision Server 19.03
        Use Registry Editor to edit the ImagePath value of each affected service so that the file path is enclosed in quotation marks
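
To find which ImagePath values need the quotation marks described above, the following read-only PowerShell audit lists every service whose executable path is unquoted and contains a space, together with the quoted value to enter in Registry Editor. It is an added example, not code from the vendor or the original advisory; it covers all services on the host rather than only exacqVision's. The function name `Get-QuotedImagePath` and the sample paths are constructed for illustration, and the check assumes the service binary ends in `.exe`.

```powershell
# Added example: read-only audit for unquoted service ImagePath values.
# Nothing is written to the registry; output is a list of proposed edits.

function Get-QuotedImagePath {
    param([string]$ImagePath)
    # Match an unquoted executable path (no '"' before ".exe"), optionally
    # followed by arguments. Already-quoted values and driver paths such as
    # \SystemRoot\...\x.sys do not match and return $null.
    $m = [regex]::Match($ImagePath.Trim(), '(?i)^(?<exe>[^"]+?\.exe)(?<args>\s.*)?$')
    if (-not $m.Success) { return $null }
    $exe = $m.Groups['exe'].Value
    # Expand %ProgramFiles% and similar before testing for whitespace, since
    # ImagePath is usually REG_EXPAND_SZ. Only a path with a space is ambiguous.
    if ([Environment]::ExpandEnvironmentVariables($exe) -notmatch '\s') { return $null }
    # Propose the raw (unexpanded) path wrapped in quotes, arguments untouched.
    return '"{0}"{1}' -f $exe, $m.Groups['args'].Value
}

# Constructed sample values (not taken from a real installation).
$samples = @(
    'C:\Program Files\Example Vendor\Server\svc.exe -run',    # unquoted, space in path
    '"C:\Program Files\Example Vendor\Server\svc.exe" -run',  # already quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'              # unquoted, no space
)
foreach ($s in $samples) {
    $fix = Get-QuotedImagePath $s
    '{0} => {1}' -f $s, $(if ($fix) { $fix } else { 'no change needed' })
}

# Audit the local machine: read each service's raw ImagePath and report
# the ones that need quoting.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$opts = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
    $raw = [string]$_.GetValue('ImagePath', '', $opts)
    $proposed = Get-QuotedImagePath $raw
    if ($proposed) {
        [pscustomobject]@{ Service = $_.PSChildName; Current = $raw; Proposed = $proposed }
    }
} | Format-List
```

Review each proposed value before applying it, and restart the service afterwards to confirm it still starts with the quoted path.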

Long-Term Security Practices

        Regularly update and patch ExacqVision Server
        Implement least privilege access controls

Patching and Updates

        Ensure all systems are updated to the latest version of ExacqVision Server to mitigate the vulnerability
