{"api_version":"1","generated_at":"2026-05-13T14:17:45+00:00","cve":"CVE-2019-7590","urls":{"html":"https://cve.report/CVE-2019-7590","api":"https://cve.report/api/cve/CVE-2019-7590.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-7590","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-7590"},"summary":{"title":"CVE-2019-7590","description":"ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.","state":"PUBLIC","assigner":"productsecurity@jci.com","published_at":"2019-07-19 21:15:00","updated_at":"2020-02-10 21:53:00"},"problem_types":["CWE-428"],"metrics":[],"references":[{"url":"https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341","name":"https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Script Microsoft Windows Unquoted Service Path Enumeration","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","name":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"Product Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php","name":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php","refsource":"MISC","tags":["Third Party Advisory"],"title":"Zero Science Lab » exacqVision 9.8 Unquoted Service Path Privilege Escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/109307","name":"109307","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Johnson Controls exacqVision Server CVE-2019-7590 Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html","name":"https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html","refsource":"MISC","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"exacqVision 9.8 Unquoted Service Path Privilege Escalation ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.us-cert.gov/ics/advisories/icsa-19-199-01","name":"https://www.us-cert.gov/ics/advisories/icsa-19-199-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Johnson Controls exacqVision Server | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-7590","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7590","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Gjoko 'LiquidWorm' Krstic","lang":""}],"nvd_cpes":[{"cve_year":"2019","cve_id":"7590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"johnsoncontrols","cpe5":"exacqvision_server","cpe6":"9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"7590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"johnsoncontrols","cpe5":"exacqvision_server","cpe6":"9.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"7590","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"johnsoncontrols","cpe5":"exacqvision_server","cpe6":"9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"7590","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"johnsoncontrols","cpe5":"exacqvision_server","cpe6":"9.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"productsecurity@jci.com","DATE_PUBLIC":"2019-07-18T17:01:00.000Z","ID":"CVE-2019-7590","STATE":"PUBLIC","TITLE":"exacqVision Server Unquoted Service Path"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"exacqVision Server","version":{"version_data":[{"version_affected":"?<","version_value":"8.4"},{"version_affected":"!<=","version_value":"9.4"},{"version_affected":"=","version_value":"9.6"},{"version_affected":"=","version_value":"9.8"},{"version_affected":"!>","version_value":"19.03"}]}}]},"vendor_name":"Exacq Technologies, Inc."}]}},"configuration":[{"lang":"eng","value":"Windows operating system with exacqVision Server version 9.6 or 9.8 installed."}],"credit":[{"lang":"eng","value":"Gjoko 'LiquidWorm' Krstic"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4."}]},"exploit":[{"lang":"eng","value":"N/A"}],"generator":{"engine":"Vulnogram 0.0.7"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-428 Unquoted Search Path or Element"}]},{"description":[{"lang":"eng","value":"The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system."}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html","name":"https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html"},{"refsource":"MISC","url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php","name":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php"},{"refsource":"MISC","url":"https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341","name":"https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341"},{"refsource":"MISC","url":"https://www.us-cert.gov/ics/advisories/icsa-19-199-01","name":"https://www.us-cert.gov/ics/advisories/icsa-19-199-01"},{"refsource":"CONFIRM","name":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories"},{"refsource":"BID","name":"109307","url":"http://www.securityfocus.com/bid/109307"}]},"solution":[{"lang":"eng","value":"Upgrade to exacqVision Server 19.03"}],"source":{"discovery":"EXTERNAL"},"work_around":[{"lang":"eng","value":"Run Registry Editor and navigate to HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\exacqVisionServer.  Modify the ImagePath for to include quotations around the entire file path.  Repeat this process for HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dvrdhcpserver and HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mdnsresponder"}]},"nvd":{"publishedDate":"2019-07-19 21:15:00","lastModifiedDate":"2020-02-10 21:53:00","problem_types":["CWE-428"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:johnsoncontrols:exacqvision_server:9.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:johnsoncontrols:exacqvision_server:9.6:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"7590","Ordinal":"145404","Title":"CVE-2019-7590","CVE":"CVE-2019-7590","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"7590","Ordinal":"1","NoteData":"ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"7590","Ordinal":"2","NoteData":"2019-07-19","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"7590","Ordinal":"3","NoteData":"2019-07-22","Type":"Other","Title":"Modified"}]}}}