CVE-2019-9486

HIGH Year: 2019
CVSS v3 Score
8.8
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-367
View all →

Vulnerability Description

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD through 5.7.0.0 and 1&1 Online Storage through 6.1.0.0.

Related Vulnerabilities

CVE-2019-19793

HIGH
CVSS:8.8(High)

In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.

CWE-3672019

CVE-2024-23463

HIGH
CVSS:8.8(High)

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to ...

CWE-3672024

CVE-2024-24993

HIGH
CVSS:8.8(High)

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

CWE-3672024

CVE-2024-24995

HIGH
CVSS:8.8(High)

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

CWE-3672024

CVE-2025-30663

HIGH
CVSS:8.8(High)

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

CWE-3672025