CVE-2019-9486

Published: Apr 30, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD through 5.7.0.0 and 1&1 Online Storage through 6.1.0.0.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://zer0-day.pw/articles/2019-04/HiDrive-LPE-via-Insecure-WCF-endpoint

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-9486

Description

Affected Products

References