Command injection

2020-02-1619:15:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.0%

JSON

Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.

CPENameOperatorVersion
client_agentlt9.20.50
reach_consolelt9.50
reach_serverlt3.50

Name	Operator	Version
client_agent	lt	9.20.50
reach_console	lt	9.50
reach_server	lt	3.50

References

www.goverlan.com/knowledge/article/security-advisory-govsa-2019-1028-1-local-privilege-escalation-2/