CVE-2019-17445 - OpenCVE

An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eracent	Eda Agent Epa Agent Epm Agent Eua Agent Flw Agent Sum Agent
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:eracent:eda_agent::::::::
	cpe:2.3:a:eracent:epa_agent::::::::
	cpe:2.3:a:eracent:epm_agent::::::::
	cpe:2.3:a:eracent:eua_agent::::::::
	cpe:2.3:a:eracent:flw_agent::::::::
	cpe:2.3:a:eracent:sum_agent::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://eracent.com/security-bulletin-cve-2019-17445/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-22T17:18:38

Updated: 2024-08-05T01:40:16.053Z

Reserved: 2019-10-10T00:00:00

Link: CVE-2019-17445

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-22T18:15:10.907

Modified: 2019-12-04T20:29:45.423

Link: CVE-2019-17445

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-22T17:18:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://eracent.com/security-bulletin-cve-2019-17445/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17445", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://eracent.com/security-bulletin-cve-2019-17445/", "refsource": "CONFIRM", "url": "https://eracent.com/security-bulletin-cve-2019-17445/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:16.053Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://eracent.com/security-bulletin-cve-2019-17445/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17445", "datePublished": "2019-11-22T17:18:38", "dateReserved": "2019-10-10T00:00:00", "dateUpdated": "2024-08-05T01:40:16.053Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eracent:eda_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC8DA8D3-8764-41D2-A99C-30AA523473A3", "versionEndIncluding": "10.2.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:eracent:epa_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EEEA80F-003B-4654-B69D-4A916F4FFE06", "versionEndIncluding": "10.2.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:eracent:epm_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "66239CCC-674E-481B-A712-4DB92DCA03DD", "versionEndIncluding": "10.2.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:eracent:eua_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "798F41D5-5775-45A5-B1D8-084B4BA73B91", "versionEndIncluding": "10.2.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:eracent:flw_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "046A0AB9-813C-4B9E-9FAE-E3B7DEBD4DFD", "versionEndIncluding": "10.2.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:eracent:sum_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "1463E937-81D1-465A-888E-909EFD28C4E3", "versionEndIncluding": "10.2.26", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Eracent en Agente EDA, EPA, EPM, EUA, FLW y SUM versiones hasta 10.2.26. El ejecutable del agente, cuando est\u00e1 instalado para operaciones no root (escaneo), puede ser forzado a copiar archivos del sistema de archivos hacia otras ubicaciones por medio del enlace simb\u00f3lico siguiente."}], "id": "CVE-2019-17445", "lastModified": "2019-12-04T20:29:45.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-22T18:15:10.907", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://eracent.com/security-bulletin-cve-2019-17445/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}