CVE-2019-1577 Inadequate validity checking of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate via LDAP, and consequently delete arbitrary directory via directory junction.
Inadequate validation of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate via LDAP, and consequently delete arbitrary directory via directory junction.
Inadequate validation of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate via LDAP, and consequently delete arbitrary directory via directory junction.
Inadequate validation of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate via LDAP, and consequently delete arbitrary directory via directory junction.
Inadequate validation of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate via LDAP, and consequently delete arbitrary directory via directory junction.
Inadequate validation of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate via LDAP, and consequently delete arbitrary directory via directory junction.
Inadequate validation of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate
Smart Switch
PC 4.3.22083
CVE-2019-1577 Inadequate validity checking of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate via LDAP, and consequently delete arbitrary directory via directory junction.
Inadequate validation of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083 allows remote attackers to authenticate via LDAP, and consequently delete arbitrary directory via directory junction.
Smart Switch PC: New Scenario, Same Vulnerability
The vulnerability CVE-2019-1577 has been discovered in Smart Switch PC, a software developed by Softnet Systems. The vulnerability allows attackers to authenticate via LDAP and consequently delete arbitrary directory via directory junction. The vulnerability is found in the validation of LDAP and AD integration in Smart Switch PC prior to version 4.3.22083.
This is not the first time this flaw has been noted as it was observed back in December 2019 which allowed attackers to gain unauthorized access to privileged accounts on Windows systems using an LDAP server hosted on an internal network that leads to information disclosure, privilege escalation and unauthorized remote code execution. This new scenario of the same vulnerability is notable because it may lead to further vulnerabilities if left unpatched for long periods of time.
Timeline
Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/21/2022 20:21:00 UTC