Vulnerabilities > CVE-2019-19470 - Deserialization of Untrusted Data vulnerability in Tinywall

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

tinywall

CWE-502

NVD

Published: 2019-12-30

Updated: 2022-01-01

Summary

Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13.

Vulnerable Configurations

Part	Description	Count
Application	Tinywall Tinywall Tinywall 1.0.0 Tinywall Tinywall 1.0.1 Tinywall Tinywall 1.0.2 Tinywall Tinywall 1.0.3 Tinywall Tinywall 1.0.4 Tinywall Tinywall 2.0.0 Tinywall Tinywall 2.0.1 Tinywall Tinywall 2.1.0 Tinywall Tinywall 2.1.1 Tinywall Tinywall 2.1.2 Tinywall Tinywall 2.1.3 Tinywall Tinywall 2.1.4 Tinywall Tinywall 2.1.5 Tinywall Tinywall 2.1.6 Tinywall Tinywall 2.1.7 Tinywall Tinywall 2.1.8 Tinywall Tinywall 2.1.9 Tinywall Tinywall 2.1.10 Tinywall Tinywall 2.1.11 Tinywall Tinywall 2.1.12	20

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References