CVE-2019-17390

An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service because PronestorHealthMonitor.exe access control is mishandled, aka PNB-2359.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
8.2 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:C/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
pronestorplanner
𝑥
< 8.1.77
𝑥
= Vulnerable software versions
References
http://help.pronestor.com/download/PronestorBooking/ReleaseNotes/ReleaseNotes.htm
https://improsec.com
http://help.pronestor.com/download/PronestorBooking/ReleaseNotes/ReleaseNotes.htm
https://improsec.com