CVE-2019-7588 : A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege es

A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory. Authorized Users have ‘modify’ permission to the ESM folders, which allows a low privilege account to modify files located in these directories. An executable can be renamed and replaced by a malicious file that could connect back to a bad actor providing system level privileges. A low privileged user is not able to restart the service, but a restart of the system would trigger the execution of the malicious file. This issue affects: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) Version 5.12.2 and prior versions; This issue does not affect: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) 19.03 and above.

Published 2019-06-18 14:15:12

Updated 2020-08-24 17:37:01

Source Johnson Controls

View at NVD, CVE.org

Vulnerability category: Gain privilege

Exploit prediction scoring system (EPSS) score for CVE-2019-7588

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-7588

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.0	HIGH	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.0	5.9	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.7	MEDIUM	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H	0.8	5.9	Johnson Controls
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-7588

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-7588

https://www.johnsoncontrols.com/-/media/jci/be/united-states/specialty-pages/product-security/files/cpp-psa-2019-01-v2-exacqvision-esm.pdf

Mitigation;Third Party Advisory
https://exacq.com/kb?crc=31399

Knowledge Base | Exacq from Tyco Security Products
Mitigation;Vendor Advisory
https://packetstormsecurity.com/files/151691/exacqvisionesm5122-escalate.txt

exacqVision ESM 5.12.2 Privilege Escalation ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01

Johnson Controls exacqVision Enterprise System Manager | CISA
Third Party Advisory;US Government Resource

Products affected by CVE-2019-7588

Exacq » Enterprise System Manager
Versions up to, including, (<=) 5.12.2
cpe:2.3:a:exacq:enterprise_system_manager:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

Vulnerability Details : CVE-2019-7588

Exploit prediction scoring system (EPSS) score for CVE-2019-7588

CVSS scores for CVE-2019-7588

CWE ids for CVE-2019-7588

References for CVE-2019-7588

Products affected by CVE-2019-7588