CVE-2019-17446

An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
eracentepa_agent
𝑥
≤ 10.2.26
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://eracent.com/security-bulletin-cve-2019-17446/
https://eracent.com/security-bulletin-cve-2019-17446/