Vulnerabilities > CVE-2019-19167 - Unspecified vulnerability in Tobesoft Nexacro 2019.9.25.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

tobesoft

microsoft

NVD

Published: 2020-05-06

Updated: 2020-05-11

Summary

Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Tobesoft Tobesoft Nexacro 2019.9.25.1	1
OS	Microsoft Microsoft Windows -	1

References

http://support.tobesoft.co.kr/Support/index.html
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35358