CVE-2019-19470
HIGH WAF: Medium
CVSS 7.8
Published: 2019-12-30
CWE-502
Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13.
WAF Coverage Analysis
Insecure Deserialization
Medium WAF Coverage
OWASP: A08:2021 Software and Data Integrity Failures
944xxx - Java Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tinywall | tinywall | up to 2.1.13 |
References
- gist.github.com (Third Party Advisory)
- www.wilderssecurity.com (Third Party Advisory)