Privilege Escalation in SALTO ProAccess SPACE 5.4.3.0

Privilege Escalation in SALTO ProAccess SPACE 5.4.3.0

CVE-2019-19460 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.

Learn more about our Web App Pen Testing.