CVE-2019-18870

A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md	Exploit Third Party Advisory
https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:blaauwproducts:remote_kiln_control::::::::
	cpe:2.3:a:blaauwproducts:remote_kiln_control:3.0.0:-::::::
	cpe:2.3:a:blaauwproducts:remote_kiln_control:3.0.0:v4::::::

History

21 Nov 2024, 04:33

Type	Values Removed	Values Added
References	~~() https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md - Exploit, Third Party Advisory~~	() https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md - Exploit, Third Party Advisory

Information

Published : 2020-05-07 14:15

Updated : 2024-11-21 04:33

NVD link : CVE-2019-18870

Mitre link : CVE-2019-18870

CVE.ORG link : CVE-2019-18870

JSON object : View

Products Affected

blaauwproducts

remote_kiln_control

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2019-18870", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-05-07T14:15:11.747", "references": [{"url": "https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine."}, {"lang": "es", "value": "Un salto de ruta por medio del par\u00e1metro iniFile en el archivo excel.php en Blaauw Remote Kiln Control versiones hasta v3.00r4, permite a un atacante autenticado descargar archivos arbitrarios de la m\u00e1quina host."}], "lastModified": "2024-11-21T04:33:45.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blaauwproducts:remote_kiln_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7FB471E-84FC-4072-92B8-42023CFD4F96", "versionEndExcluding": "3.0.0"}, {"criteria": "cpe:2.3:a:blaauwproducts:remote_kiln_control:3.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2EF13D2-D20D-43B2-A30E-DA731192E4CD"}, {"criteria": "cpe:2.3:a:blaauwproducts:remote_kiln_control:3.0.0:v4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D369830-C96E-40C1-ADF4-D38B091AA789"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-18870

6.5^/10

4.0^/10

Attach tags to `CVE-2019-18870`