CVE-2019-19897

Vulnerability

IXP EasyInstall version 6.2.13723 contains a remote code execution vulnerability in its Agent Service. The flaw exists because the service exposes an Execute Command Line function over TCP port 20051 without requiring authentication. As a result, any unauthenticated attacker who can reach the service can execute arbitrary operating system commands on the target system [1].

Exploitation

An attacker can exploit this vulnerability simply by connecting to the target's Agent Service on TCP port 20051 and sending a crafted request containing the desired command line. No authentication is required, and no user interaction is needed. The service listens on the network, making the attack remotely exploitable [1].

Impact

Successful exploitation gives the attacker full remote code execution in the context of the highly privileged NT AUTHORITY\SYSTEM account. This results in complete compromise of the confidentiality, integrity, and availability of the affected system [1].

Mitigation

As of the available references, no official patch or fixed version has been disclosed for this vulnerability. Users of IXP EasyInstall 6.2.13723 should consider restricting network access to TCP port 20051 as a temporary workaround, or discontinue use of the product until a fix is released [1].