Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for exacqVision Server by Exacq Technologies, Inc.

    CVE-2019-7590 (GCVE-0-2019-7590)

    Vulnerability from nvd – Published: 2019-07-19 20:56 – Updated: 2024-09-17 01:40
    VLAI
    Title
    exacqVision Server Unquoted Service Path
    Summary
    ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.
    CWE
    • CWE-428 - Unquoted Search Path or Element
    • The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system.
    Assigner
    jci
    Impacted products
    Vendor Product Version
    Exacq Technologies, Inc. exacqVision Server Unknown: unspecified , < 8.4 (custom)
    Unaffected: unspecified , ≤ 9.4 (custom)
    Affected: 9.6
    Affected: 9.8
    Unaffected: next of 19.03 , < unspecified (custom)
    Create a notification for this product.
    Date Public
    2019-07-18 00:00
    Credits
    Gjoko 'LiquidWorm' Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:28.462Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
              },
              {
                "name": "109307",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109307"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "exacqVision Server",
              "vendor": "Exacq Technologies, Inc.",
              "versions": [
                {
                  "lessThan": "8.4",
                  "status": "unknown",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.4",
                  "status": "unaffected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "9.6"
                },
                {
                  "status": "affected",
                  "version": "9.8"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "next of 19.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "Windows operating system with exacqVision Server version 9.6 or 9.8 installed."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Gjoko \u0027LiquidWorm\u0027 Krstic"
            }
          ],
          "datePublic": "2019-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ExacqVision Server\u2019s services \u0027exacqVisionServer\u0027, \u0027dvrdhcpserver\u0027 and \u0027mdnsresponder\u0027 have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "N/A"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-22T07:06:02.000Z",
            "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
            "shortName": "jci"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
            },
            {
              "name": "109307",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109307"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to exacqVision Server 19.03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "exacqVision Server Unquoted Service Path",
          "workarounds": [
            {
              "lang": "en",
              "value": "Run Registry Editor and navigate to HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\exacqVisionServer.  Modify the ImagePath for to include quotations around the entire file path.  Repeat this process for HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dvrdhcpserver and HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mdnsresponder"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productsecurity@jci.com",
              "DATE_PUBLIC": "2019-07-18T17:01:00.000Z",
              "ID": "CVE-2019-7590",
              "STATE": "PUBLIC",
              "TITLE": "exacqVision Server Unquoted Service Path"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "exacqVision Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "?\u003c",
                                "version_value": "8.4"
                              },
                              {
                                "version_affected": "!\u003c=",
                                "version_value": "9.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "9.6"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "9.8"
                              },
                              {
                                "version_affected": "!\u003e",
                                "version_value": "19.03"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Exacq Technologies, Inc."
                  }
                ]
              }
            },
            "configuration": [
              {
                "lang": "en",
                "value": "Windows operating system with exacqVision Server version 9.6 or 9.8 installed."
              }
            ],
            "credit": [
              {
                "lang": "eng",
                "value": "Gjoko \u0027LiquidWorm\u0027 Krstic"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ExacqVision Server\u2019s services \u0027exacqVisionServer\u0027, \u0027dvrdhcpserver\u0027 and \u0027mdnsresponder\u0027 have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "N/A"
              }
            ],
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-428 Unquoted Search Path or Element"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html"
                },
                {
                  "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php",
                  "refsource": "MISC",
                  "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php"
                },
                {
                  "name": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341",
                  "refsource": "MISC",
                  "url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01"
                },
                {
                  "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
                },
                {
                  "name": "109307",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109307"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to exacqVision Server 19.03"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Run Registry Editor and navigate to HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\exacqVisionServer.  Modify the ImagePath for to include quotations around the entire file path.  Repeat this process for HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dvrdhcpserver and HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mdnsresponder"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "assignerShortName": "jci",
        "cveId": "CVE-2019-7590",
        "datePublished": "2019-07-19T20:56:07.852Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:40:35.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7590 (GCVE-0-2019-7590)

    Vulnerability from cvelistv5 – Published: 2019-07-19 20:56 – Updated: 2024-09-17 01:40
    VLAI
    Title
    exacqVision Server Unquoted Service Path
    Summary
    ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.
    CWE
    • CWE-428 - Unquoted Search Path or Element
    • The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system.
    Assigner
    jci
    Impacted products
    Vendor Product Version
    Exacq Technologies, Inc. exacqVision Server Unknown: unspecified , < 8.4 (custom)
    Unaffected: unspecified , ≤ 9.4 (custom)
    Affected: 9.6
    Affected: 9.8
    Unaffected: next of 19.03 , < unspecified (custom)
    Create a notification for this product.
    Date Public
    2019-07-18 00:00
    Credits
    Gjoko 'LiquidWorm' Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:28.462Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
              },
              {
                "name": "109307",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109307"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "exacqVision Server",
              "vendor": "Exacq Technologies, Inc.",
              "versions": [
                {
                  "lessThan": "8.4",
                  "status": "unknown",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.4",
                  "status": "unaffected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "9.6"
                },
                {
                  "status": "affected",
                  "version": "9.8"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "next of 19.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "Windows operating system with exacqVision Server version 9.6 or 9.8 installed."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Gjoko \u0027LiquidWorm\u0027 Krstic"
            }
          ],
          "datePublic": "2019-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ExacqVision Server\u2019s services \u0027exacqVisionServer\u0027, \u0027dvrdhcpserver\u0027 and \u0027mdnsresponder\u0027 have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "N/A"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-22T07:06:02.000Z",
            "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
            "shortName": "jci"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
            },
            {
              "name": "109307",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109307"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to exacqVision Server 19.03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "exacqVision Server Unquoted Service Path",
          "workarounds": [
            {
              "lang": "en",
              "value": "Run Registry Editor and navigate to HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\exacqVisionServer.  Modify the ImagePath for to include quotations around the entire file path.  Repeat this process for HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dvrdhcpserver and HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mdnsresponder"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productsecurity@jci.com",
              "DATE_PUBLIC": "2019-07-18T17:01:00.000Z",
              "ID": "CVE-2019-7590",
              "STATE": "PUBLIC",
              "TITLE": "exacqVision Server Unquoted Service Path"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "exacqVision Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "?\u003c",
                                "version_value": "8.4"
                              },
                              {
                                "version_affected": "!\u003c=",
                                "version_value": "9.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "9.6"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "9.8"
                              },
                              {
                                "version_affected": "!\u003e",
                                "version_value": "19.03"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Exacq Technologies, Inc."
                  }
                ]
              }
            },
            "configuration": [
              {
                "lang": "en",
                "value": "Windows operating system with exacqVision Server version 9.6 or 9.8 installed."
              }
            ],
            "credit": [
              {
                "lang": "eng",
                "value": "Gjoko \u0027LiquidWorm\u0027 Krstic"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ExacqVision Server\u2019s services \u0027exacqVisionServer\u0027, \u0027dvrdhcpserver\u0027 and \u0027mdnsresponder\u0027 have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "N/A"
              }
            ],
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-428 Unquoted Search Path or Element"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html"
                },
                {
                  "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php",
                  "refsource": "MISC",
                  "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php"
                },
                {
                  "name": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341",
                  "refsource": "MISC",
                  "url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01"
                },
                {
                  "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
                },
                {
                  "name": "109307",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109307"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to exacqVision Server 19.03"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Run Registry Editor and navigate to HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\exacqVisionServer.  Modify the ImagePath for to include quotations around the entire file path.  Repeat this process for HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dvrdhcpserver and HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mdnsresponder"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "assignerShortName": "jci",
        "cveId": "CVE-2019-7590",
        "datePublished": "2019-07-19T20:56:07.852Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:40:35.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }