CVE Catalog

CVE-2019-25747

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path, allowing local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.

Risk Assessment

The organization is at risk of privilege escalation by local attackers, which may lead to unauthorized access to the system and data. Exploitation of this vulnerability could result in serious consequences for the security and integrity of the system.

Recommendation

It is recommended to update Network Inventory Advisor to the latest version that addresses this vulnerability. Additionally, the configuration of services should be reviewed to avoid unquoted paths in settings.

Original NVD description (English source)

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS