CVE-2019-7669

CVE-2019-7669

EPSS 31.4%

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/155270/FlexAir-Access-Control-2.3.38-Command-Injection.html https://applied-risk.com/labs/advisories https://www.applied-risk.com/resources/ar-2019-007 https://www.us-cert.gov/ics/advisories/icsa-19-211-02