Vulnerability Details : CVE-2019-13517
In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.
Products affected by CVE-2019-13517
- cpe:2.3:a:bd:pyxis_enterprise_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:bd:pyxis_es:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13517
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-13517
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2019-13517
-
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2019-13517
-
https://www.us-cert.gov/ics/advisories/icsma-19-248-01
BD Pyxis (Update A) | CISAMitigation;Third Party Advisory;US Government Resource
Jump to