CVE-2019-18342

CRITICAL Year: 2019
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-749
View all →

Vulnerability Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.

Related Vulnerabilities

CVE-2018-10931

CRITICAL
CVSS:9.8(Critical)

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, ...

CWE-7492018

CVE-2020-15623

CRITICAL
CVSS:9.8(Critical)

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The s...

CWE-7492020

CVE-2020-8212

CRITICAL
CVSS:9.8(Critical)

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows acce...

CWE-7492020

CVE-2021-26614

CRITICAL
CVSS:9.8(Critical)

ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell comman...

CWE-7492021

CVE-2021-42128

CRITICAL
CVSS:9.8(Critical)

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

CWE-7492021

CVE-2023-39226

CRITICAL
CVSS:9.8(Critical)

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.

CWE-7492023