An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.
References
Link | Resource |
---|---|
https://eracent.com/security-bulletin-cve-2019-17445/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2019-11-22 10:15
Updated : 2019-12-04 12:29
NVD link : CVE-2019-17445
Mitre link : CVE-2019-17445
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
eracent
- epm_agent
- eua_agent
- epa_agent
- flw_agent
- eda_agent
- sum_agent
linux
- linux_kernel