CVE-2019-19893

CVE-2019-19893 affects IXP EasyInstall 6.2.13723. The issue is a Directory Traversal on TCP port 8000 via the Engine Service, exploitable by an unauthenticated attacker and allowing access to the server filesystem with NT AUTHORITY\SYSTEM privileges. Reported CVSS v3.1 base score 7.5 (HIGH) with ...

CVE-2019-19895

CVE-2019-19895 affects IXP EasyInstall 6.2.13723. The issue enables Lateral Movement via the Agent Service by modifying %SYSTEMDRIVE%\IXP\SW[PACKAGE_CODE]\EveryLogon.bat, allowing an authenticated, local attacker to execute code in the context of other users on the same client system. This is des...

CVE-2019-19896

The CVE refers to CVE-2019-19896 in IXP EasyInstall 6.2.13723, where remote code execution is possible due to weak permissions on the Engine Service share. The default IXP$ share permissions allow modification of directories/files (e.g., bat-scripts), enabling code execution in the NT AUTHORITY\S...

CVE-2019-19897

CVE-2019-19897 affects IXP EasyInstall 6.2.13723. The vulnerability enables unauthenticated remote code execution via the Agent Service over TCP port 20051, allowing execution as NT AUTHORITY\SYSTEM using the Execute Command Line feature. Exploitation details and affected remediation are not prov...

CVE-2019-19894

In IXP EasyInstall 6.2.13723, the vulnerability allows a local attacker to disable User Account Control (UAC) on a client system by abusing the Agent Service and renaming/replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP. An authenticated attacker (non-admin) can disable UAC for other users, which may i...

CVE-2019-19898

CVE-2019-19898 affects IXP EasyInstall 6.2.13723. The description states that cleartext credentials are transmitted over network communications on TCP port 20050 when using the Administrator console remotely, exposing confidentiality. The connected documents corroborate the same details. No expli...

CVE-2022-35120

CVE-2022-35120 affects IXPdata EasyInstall 6.6.14725 and is described as an access control issue (improper access control). The initial entry provides a CVSS 3.1 base score of 8.8 (HIGH) with LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction, with CHANGE...

CVE-2023-27793

CVE-2023-27793 affects IXP Data Easy Install, version 6.6.14884.0. The connected sources describe a local privilege escalation caused by weak encoding of sensitive information within the software. The NVD entry lists a high-severity score (CVSS 3.1: 7.8; LOCAL access, LOW privileges, no user inte...

CVE-2023-30131

CVE-2023-30131 affects IXP EasyInstall 6.6.14884.0. The issue allows attackers to run arbitrary commands and escalate privileges via unauthenticated API calls, with the NVD entry noting a high-impact remote code execution potential (CVSS v3.1: 9.8). Connected sources consistently describe command...

CVE-2023-30132

The CVE-2023-30132 vulnerability affects IXP Data EasyInstall 6.6.14907.0 and enables privilege escalation through a static cryptographic key, per multiple sources (NVD, Red Hat, CVE listings, CNNVD, etc.). The root cause is described as a cryptographic key issue that allows an attacker to escala...

CVE-2023-27795

The CVE concerns IXP Data Easy Install, version 6.6.14884.0. The issue allows a local attacker to escalate privileges by abusing a static XOR key in the affected software, with impact described as high confidentiality, integrity, and availability concerns per the NVD entry (CVSS v3.1: Local, Priv...

CVE-2023-27792

CVE-2023-27792 affects IXP Data Easy Install v6.6.14884.0. The issue is privilege escalation caused by improper permission handling on subdirectories, enabling a local attacker to achieve high integrity/confidentiality/availability impact as per CVSS v3.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Pu...

CVE-2023-27791

CVE-2023-27791 affects IXP Data Easy Install v6.6.148840. The issue is a root-cause in the product’s PRNG that enables a remote attacker to escalate privileges. Connected sources confirm the vulnerability and its impact as privilege escalation; no explicit exploit details are provided, and there ...