CVE-2019-19606

2020-03-3021:31:32

mitre

www.cve.org

9.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.

References

blog.0xlabs.com/2020/03/x-plane-1141-remote-command-execution.html