CVE-2019-9745
Description
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from CRM software using plugins (.dll files). The plugin to import data from the EXQUISE software (DatasourceExquiseExporter.dll) can be persuaded to start arbitrary programs (including batch files) that are executed using the same privileges as Recognition Update Client Service (NT AUTHORITY\SYSTEM), thus elevating privileges. This occurs because a higher-privileged process executes scripts from a directory writable by a lower-privileged user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Privilege escalation in CloudCTI HIP Integrator via insecure named pipe and arbitrary script execution by a SYSTEM service from a writable directory.
Vulnerability
CloudCTI HIP Integrator Recognition Configuration Tool prior to the fixed version (not specified in available references) allows privilege escalation through its EXQUISE integration. The tool communicates with the Recognition Update Client Service via an insecure named pipe. The service processes JSON data to import plugins (.dll files) from CRM software, including the DatasourceExquiseExporter.dll plugin. Due to improper validation, the plugin can be tricked into executing arbitrary programs or batch files from a directory writable by a lower-privileged user [1].
Exploitation
An attacker who has local access or can write to a directory used by the service can place a malicious batch file or executable in that writable directory. The higher-privileged Recognition Update Client Service (running as NT AUTHORITY\SYSTEM) then executes the arbitrary script when triggered via the insecure named pipe communication channel [1].
Impact
Successful exploitation allows an attacker to achieve arbitrary code execution with SYSTEM privileges, fully compromising the local system. This results in complete loss of confidentiality, integrity, and availability of the affected machine [1].
Mitigation
Not yet disclosed in the available references. The vendor CloudCTI was contacted and acknowledged the issue (CVE-2019-9745), but no specific fixed version or release date is mentioned in the references. No workarounds or KEV listing are provided [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- CloudCTI/HIP Integrator Recognition Configuration Tooldescription
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- github.com/KPN-CISO/CVE-2019-9745/blob/master/README.mdmitrex_refsource_MISC
- www.cloudcti.nl/Site/Securitymitrex_refsource_MISC
News mentions
0No linked articles in our index yet.