CVE-2019-19894

Vulnerability

In IXP EasyInstall version 6.2.13723, the Agent Service does not properly enforce integrity controls on the configuration file at %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP. An authenticated attacker with non-administrative privileges can replace or rename this file, which leads to the temporary disabling of User Account Control (UAC) for other users on the same system. The vulnerability is documented in [1].

Exploitation

To exploit the vulnerability, an attacker must have valid credentials and be able to log into the target system. The attacker then renames or replaces the IXPAS.IXP file located in the %SYSTEMDRIVE%\IXP\DATA\ directory. This action, performed through the IXP Agent Service, results in UAC being disabled for other users of the system, as the service processes the modified configuration [1].

Impact

Successful exploitation temporarily disables UAC for other users on the client system, reducing the security barriers that normally prompt for consent or credentials for elevated operations. This could allow subsequent attacks that rely on lowered user privilege controls, such as stealthy privilege escalation or malware execution without prompting the user [1].

Mitigation

As of the publication date (2020-01-23), no patched version or vendor-supplied mitigation has been disclosed in the available references [1]. Users should restrict access to the affected systems and monitor the IXPAS.IXP file for unauthorized modifications. If possible, upgrade to a newer version of IXP EasyInstall if a fix becomes available in the future.