Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-05T17:20:09
Updated: 2024-08-04T21:38:46.571Z
Reserved: 2019-02-26T00:00:00
Link: CVE-2019-9189
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-05T18:29:01.217
Modified: 2024-11-21T04:51:10.250
Link: CVE-2019-9189
Redhat
No data.