Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9745

EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-9745

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from CRM software using plugins (.dll files). The plugin to import data from the EXQUISE software (DatasourceExquiseExporter.dll) can be persuaded to start arbitrary programs (including batch files) that are executed using the same privileges as Recognition Update Client Service (NT AUTHORITY\SYSTEM), thus elevating privileges. This occurs because a higher-privileged process executes scripts from a directory writable by a lower-privileged user.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
CloudCTI HIP Integrator Recognition Configuration Tool 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CloudCTI HIP Integrator Recognition Configuration Tool是荷兰CloudCTI公司的一款集成商识别配置工具。 CloudCTI HIP Integrator Recognition Configuration Tool中存在安全漏洞,该漏洞源于高权限进程可以从低权限用户可写入的目录中执行脚本。攻击者可利用该漏洞提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-9745

#POC DescriptionSource LinkShenlong Link
1Write-up on the CVE-2019-9745 vulnerability.https://github.com/KPN-CISO/CVE-2019-9745POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-9745

Please Login to view more intelligence information

Same Patch Batch · n/a · 2019-10-14 · 37 CVEs total

CVE-2019-17539FFmpeg 代码问题漏洞
CVE-2019-17579SonarSource SonarQube 跨站脚本漏洞
CVE-2019-17575WBCE CMS 代码注入漏洞
CVE-2019-16344Sensorweb ScadaBR 跨站脚本漏洞
CVE-2019-17574WordPress Popup Maker插件安全漏洞
CVE-2019-17552idreamsoft iCMS SQL注入漏洞
CVE-2019-17553MetInfo SQL注入漏洞
CVE-2019-17408ZZZCMS zzzphp 输入验证错误漏洞
CVE-2019-17501Centreon 操作系统命令注入漏洞
CVE-2019-17511D-Link DIR-412 授权问题漏洞
CVE-2019-17540ImageMagick Studio ImageMagick 缓冲区错误漏洞
CVE-2019-17542FFmpeg 输入验证错误漏洞
CVE-2019-17543LZ4 缓冲区错误漏洞
CVE-2019-17544GNU Aspell 缓冲区错误漏洞
CVE-2019-17545GDAL 资源管理错误漏洞
CVE-2019-17547ImageMagick Studio ImageMagick 资源管理错误漏洞
CVE-2019-17546Silicon Graphics LibTIFF 输入验证错误漏洞
CVE-2019-17541ImageMagick Studio ImageMagick 资源管理错误漏洞
CVE-2019-17044BMC Software Patrol Agent 安全漏洞
CVE-2019-17595ncurses 缓冲区错误漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-9745

No comments yet

Leave a comment