How severe is CVE-2019-1794?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.1 out of 10.

What type of vulnerability is CVE-2019-1794?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2019-1794 - MEDIUM Severity | CVSS 5.1

Vulnerability Description

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.

Related Vulnerabilities

CVE-2017-5147

MEDIUM

CVSS:5.3(Medium)

An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicio...

CWE-4272017

CVE-2019-16001

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit ...

CWE-4272019

CVE-2019-5245

MEDIUM

CVSS:5.3(Medium)

HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DL...

CWE-4272019

CVE-2024-30117

MEDIUM

CVSS:5.3(Medium)

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

CWE-4272024

CVE-2018-12163

MEDIUM

CVSS:4.8(Medium)

A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.

CWE-4272018

CVE-2020-25738

MEDIUM

CVSS:5.5(Medium)

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a...

CWE-4272020