CVE-2019-25747
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path, allowing local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.
Risk Assessment
The organization is at risk of privilege escalation by local attackers, which may lead to unauthorized access to the system and data. Exploitation of this vulnerability could result in serious consequences for the security and integrity of the system.
Recommendation
It is recommended to update Network Inventory Advisor to the latest version that addresses this vulnerability. Additionally, the configuration of services should be reviewed to avoid unquoted paths in settings.
Original NVD description (English source)
Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.

