VYPR
Unrated severity · NVD Advisory · Published Jan 23, 2020 · Updated Aug 5, 2024

CVE-2019-19896

Description

In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allow modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Weak permissions on the IXP$ share in IXP EasyInstall 6.2.13723 allow remote code execution as SYSTEM on the server and clients.

Vulnerability

In IXP EasyInstall version 6.2.13723, the default file permissions on the IXP$ share on the server are too permissive. This allows modification of directories and files, including .bat scripts, which are part of the Engine Service. The share is used by the RMM and deployment software, and the weak permissions exist by default, requiring no special configuration to be exploited [1].

Exploitation

An attacker with network access to the IXP$ share can modify or replace existing .bat script files or create new ones. The attacker does not need authentication to modify the share because the default permissions allow write access. The modified scripts are then executed by the Engine Service in the context of NT AUTHORITY\SYSTEM on the target server and potentially on connected clients [1].

Impact

Successful exploitation results in remote code execution as NT AUTHORITY\SYSTEM, the highest privilege level on Windows. The attacker can fully compromise the affected server and any clients that process the scripts from the share. This leads to complete loss of confidentiality, integrity, and availability of the system [1].

Mitigation

Not yet disclosed in the available references. The vendor (IXP) should apply proper access control lists (ACLs) to the IXP$ share to restrict write permissions to only authorized administrators. Users should review and lock down permissions on the share as a workaround until an official patch is released [1].
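
One way to carry out the permission review described above, as an added example that is not vendor or NVD code: a read-only PowerShell audit, run elevated on the EasyInstall server, that lists share-level and NTFS entries granting write access on IXP$ to broad groups. The set of groups treated as broad and the rights treated as write-capable are assumptions of this example.

```powershell
# Read-only audit of the IXP$ share (added example; it changes no permissions).
$ShareName = 'IXP$'   # share name taken from the advisory
# Assumption: these well-known SIDs count as "broad" principals:
# Everyone, Anonymous Logon, Authenticated Users, BUILTIN\Users
$BroadSids = 'S-1-1-0', 'S-1-5-7', 'S-1-5-11', 'S-1-5-32-545'
# Assumption: NTFS rights that let a principal alter or replace files
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$GenericMask = 0x50000000   # GENERIC_WRITE | GENERIC_ALL bits stored raw in an ACE

function Test-BroadPrincipal([string]$Account) {
    if ($Account -match '^S-1-') { $sid = $Account } else {
        try {
            $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { return $false }   # unresolvable name: not one of the broad groups
    }
    ($BroadSids -contains $sid) -or ($sid -match '^S-1-5-21-.+-513$')   # RID 513 = Domain Users
}

$findings = @()

# Layer 1: SMB share permissions. 'Custom' is reported for manual review.
foreach ($ace in (Get-SmbShareAccess -Name $ShareName)) {
    if ("$($ace.AccessControlType)" -eq 'Allow' -and
        "$($ace.AccessRight)" -in 'Full', 'Change', 'Custom' -and
        (Test-BroadPrincipal $ace.AccountName)) {
        $findings += [pscustomobject]@{ Layer = 'Share'; Path = $ShareName
            Principal = $ace.AccountName; Rights = "$($ace.AccessRight)" }
    }
}

# Layer 2: NTFS ACLs on the share root, its subdirectories and any .bat scripts.
$rootItem = Get-Item -LiteralPath (Get-SmbShare -Name $ShareName).Path
$items = @($rootItem) + @(Get-ChildItem -LiteralPath $rootItem.FullName -Recurse -Force |
    Where-Object { $_.PSIsContainer -or $_.Extension -eq '.bat' })
foreach ($item in $items) {
    foreach ($rule in (Get-Acl -LiteralPath $item.FullName).Access) {
        $bits = [int]$rule.FileSystemRights
        $writable = (($bits -band $WriteMask) -ne 0) -or (($bits -band $GenericMask) -ne 0)
        # Inherited entries are reported once, at the root, to avoid repeats
        $relevant = ($item.FullName -eq $rootItem.FullName) -or (-not $rule.IsInherited)
        if ("$($rule.AccessControlType)" -eq 'Allow' -and $writable -and $relevant -and
            (Test-BroadPrincipal $rule.IdentityReference.Value)) {
            $findings += [pscustomobject]@{ Layer = 'NTFS'; Path = $item.FullName
                Principal = $rule.IdentityReference.Value; Rights = "$($rule.FileSystemRights)" }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

Effective access over SMB is the more restrictive of the share and NTFS layers, so a principal needs a write-capable entry in both for the condition in the advisory to hold; an empty result means neither layer grants the listed groups write access.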

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

1
