CVE-2019-12310

9.8 CRITICAL

📋 TL;DR

ExaGrid appliances running firmware v4.8.1.1044.P50 have a directory traversal vulnerability in the /monitor/data/Upgrade/ endpoint. An unauthenticated remote attacker can use it to read log files on the appliance; those logs contain Base64-encoded administrative credentials, so a short request chain can lead to full compromise of the device. Base64 is an encoding, not encryption, so the credentials are effectively stored in plaintext.

💻 Affected Systems

Products:
  • ExaGrid appliances
Versions: v4.8.1.1044.P50
Operating Systems: ExaGrid firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only the firmware build listed above is confirmed vulnerable. Other builds may also be affected but have not been confirmed; check with ExaGrid rather than assuming they are safe.

📦 What is this software?

ExaGrid makes disk-based backup storage appliances used as targets for enterprise backup software. The affected /monitor/data/Upgrade/ path is part of the appliance's web management interface. Because the appliance holds backup copies of other systems, its administrative credentials are a high-value target.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full administrative compromise of the ExaGrid appliance: the attacker can read, modify, or delete backup data, reconfigure the device, or use it as a pivot point into the network. Because the appliance holds backups of other systems, this also undermines recovery from any later incident such as ransomware.

🟠 Likely Case

The attacker retrieves the log files, decodes the Base64 administrative credentials, and logs in to the appliance management interface, compromising the integrity and confidentiality of stored backups.

🟢 If Mitigated

With the management interface reachable only from trusted administrative hosts, the endpoint cannot be hit from the internet or from general user networks, and the exposure is reduced to attackers who already hold a position on the management network. Note that restricting access does not protect the credentials themselves; they remain in the logs until the firmware is fixed.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-facing devices extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated access to sensitive credentials and system information.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal attacks are well-understood and easy to automate. Public disclosure includes technical details sufficient for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not stated in the public advisory; contact ExaGrid support for the first firmware build that resolves the issue

Vendor Advisory: https://exagrid.com/exagrid-products/resources/

Restart Required: Yes

Instructions:

1. Contact ExaGrid support for the patched firmware version.
2. Back up the appliance configuration.
3. Apply the firmware update following ExaGrid documentation.
4. Verify update completion and functionality.
5. Rotate the administrative credentials: if the endpoint was ever reachable by untrusted hosts, the credentials in the logs may already have been read, and patching alone does not invalidate them.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all affected versions)

Restrict network access to the ExaGrid management interface, including the /monitor/data/Upgrade/ path, to trusted administrative IP addresses only.

Web Application Firewall (applies to: all affected versions)

Deploy a WAF in front of the management interface with directory traversal rules that match both plain (../) and percent-encoded (..%2f, %2e%2e/) sequences.

🧯 If You Can't Patch

  • Isolate ExaGrid appliances on separate network segments with strict firewall rules
  • Implement network monitoring and alerting for directory traversal attempts to the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the ExaGrid web interface or CLI. If it is v4.8.1.1044.P50, the device is vulnerable. Treat other builds older than the fixed release as suspect until ExaGrid confirms otherwise.

Check Version:

Check via ExaGrid web interface under System > About, or consult ExaGrid documentation for CLI commands

Verify Fix Applied:

Confirm that the firmware version is later than v4.8.1.1044.P50 and matches the build ExaGrid identifies as fixed. Then send a test request to /monitor/data/Upgrade/ containing a dot-segment sequence, in both plain (../) and percent-encoded (..%2f) form, and confirm that the appliance rejects it rather than resolving it. Because many front-end web servers normalise a plain ../ before the application sees it, the encoded form is the more telling test.
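A post-fix check that turns the two verification steps above into a script, as an added example rather than code from ExaGrid or from the advisory. It assumes the management interface is served over HTTPS (often with a self-signed certificate, hence the verify_tls switch), and it decides on the basis of HTTP status alone: a 2xx response to a request whose separators are percent-encoded means the handler decoded and resolved the dot-segments itself, which is the vulnerable behaviour. The probe steps out of the Upgrade directory and straight back into it, so it never requests anything outside the endpoint. The hostname in the usage line is a placeholder.

```python
"""Post-fix check for CVE-2019-12310 on an ExaGrid appliance.

Added example, not code from ExaGrid or from the advisory. Assumptions:
HTTPS management interface, possibly with a self-signed certificate; and a
verdict based on HTTP status only. The probe leaves the Upgrade directory
and re-enters it by name, so nothing outside the endpoint is requested.
"""
import ssl
import urllib.error
import urllib.request

ENDPOINT = "/monitor/data/Upgrade/"
VULN_VERSION = "v4.8.1.1044.P50"   # the only build the advisory confirms

# A hardened handler should refuse all of these. Plain "../" is the least
# informative: many front-end servers normalise it before routing, so a 2xx
# there proves nothing. Encoded separators (%2f, %5c) are normally left
# alone by the front end, so a 2xx means the application resolved them.
TRAVERSAL_VARIANTS = ("../", "..%2f", "%2e%2e/", "%2e%2e%2f", "..%5c")
ENCODED_SEPARATORS = ("%2f", "%5c")


def version_is_confirmed_vulnerable(version: str) -> bool:
    """Exact match against the build the advisory lists as vulnerable."""
    return version.strip() == VULN_VERSION


def build_probe_url(base: str, variant: str = "../", depth: int = 1) -> str:
    """Leave the Upgrade directory `depth` levels using the given dot-segment
    variant, then re-enter it by name, e.g. for depth=1:
        https://host/monitor/data/Upgrade/../Upgrade/
    Only the server's dot-segment handling is exercised."""
    parts = ENDPOINT.strip("/").split("/")          # ["monitor", "data", "Upgrade"]
    if not 1 <= depth <= len(parts):
        raise ValueError("depth must be between 1 and %d" % len(parts))
    back = "/".join(parts[len(parts) - depth:]) + "/"
    return base.rstrip("/") + ENDPOINT + variant * depth + back


def judge(variant: str, status: int) -> str:
    """Turn an HTTP status into a verdict for one variant.

    2xx with an encoded separator: the handler decoded and resolved the
        dot-segments itself, the vulnerable behaviour.
    2xx otherwise: inconclusive, the front end may have normalised the URL.
    400/403/404: rejected or not resolved, consistent with the fix.
    anything else: inconclusive (redirect to login, server error, ...).
    """
    if 200 <= status < 300:
        if any(sep in variant.lower() for sep in ENCODED_SEPARATORS):
            return "traversal_served"
        return "inconclusive"
    if status in (400, 403, 404):
        return "rejected"
    return "inconclusive"


def probe(base: str, verify_tls: bool = True, timeout: float = 10.0) -> dict:
    """Send every variant to the appliance and return {variant: verdict}."""
    ctx = ssl.create_default_context()
    if not verify_tls:                               # self-signed appliance cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    verdicts = {}
    for variant in TRAVERSAL_VARIANTS:
        req = urllib.request.Request(
            build_probe_url(base, variant),
            headers={"User-Agent": "cve-2019-12310-check"},
        )
        try:
            with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:
            status = err.code
        verdicts[variant] = judge(variant, status)
    return verdicts


if __name__ == "__main__":
    import sys
    # Placeholder hostname; pass the real appliance URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://exagrid.example.internal"
    for variant, verdict in probe(target, verify_tls=False).items():
        print(f"{variant:12s} {verdict}")
    print("any 'traversal_served' above means the fix is NOT in place")
```

Run it against the appliance after the firmware update and again after the credential rotation; a "rejected" on every encoded variant plus a version newer than the confirmed-vulnerable build is the expected post-fix state. An "inconclusive" on the plain ../ variant is normal and is why the encoded variants are the ones that matter.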

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing directory traversal sequences (../) to /monitor/data/Upgrade/
  • Unauthorized access attempts to sensitive system files

Network Indicators:

  • HTTP requests with ../ patterns in URL parameters or paths
  • Unusual access patterns to ExaGrid management interfaces

SIEM Query:

http.uri:"/monitor/data/Upgrade/*" AND (http.uri:"*../*" OR http.uri:"*..%2f*" OR http.uri:"*..%5c*" OR http.uri:"*%2e%2e*")

Match on the raw, undecoded URI field so that percent-encoded forms stay visible; if your pipeline URL-decodes before indexing, the plain ../ clause alone covers them. A 2xx response paired with a traversal URI indicates a read that was served, not merely attempted, and should be escalated.
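The SIEM query above only sees what the log already contains, so encoded and double-encoded forms each need their own clause. The following added example (not from the advisory or from ExaGrid) applies the same detection logic over access-log lines after normalising them: it decodes percent-encoding until the path stops changing, treats backslashes as separators, and then looks for a ".." component in a request to the Upgrade endpoint. The log format is the common Apache/NGINX style, which is an assumption about what fronts the appliance UI, and the sample lines, including the traversal targets they show, are constructed for the demonstration.

```python
"""Scan access-log lines for CVE-2019-12310 traversal attempts against
/monitor/data/Upgrade/.

Added example, not part of the advisory. Assumes a common/combined style
access log; the sample lines below are constructed, including the paths
the attacker lines traverse to.
"""
import re
from urllib.parse import unquote

ENDPOINT = "/monitor/data/Upgrade/"

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
DOT_SEGMENT = re.compile(r'(?:^|/)\.\.(?:/|$)')   # a ".." path component


def normalise_path(path: str) -> str:
    """Undo percent-encoding until it stops changing (max 3 rounds, which
    covers double encoding such as %252e), then treat backslashes as
    separators so ..\\ is seen as ../. The query string is dropped."""
    path = path.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal_attempt(path: str) -> bool:
    """True when the request targets the Upgrade endpoint and still contains
    a dot-segment after normalisation."""
    norm = normalise_path(path)
    return norm.startswith(ENDPOINT) and DOT_SEGMENT.search(norm) is not None


def scan(log_text: str) -> list:
    """One finding per suspicious line: source, timestamp, raw and normalised
    path, status, and whether the server answered 2xx (a served read rather
    than a mere attempt)."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal_attempt(m["path"]):
            continue
        status = int(m["status"])
        findings.append({
            "src": m["src"],
            "ts": m["ts"],
            "raw_path": m["path"],
            "path": normalise_path(m["path"]),
            "status": status,
            "served": 200 <= status < 300,
        })
    return findings


# Constructed sample: a legitimate hit, a plain traversal, one with encoded
# slashes, one double-encoded (rejected), and a traversal against a path
# that is not the vulnerable endpoint.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jun/2019:12:00:01 +0000] "GET /monitor/data/Upgrade/ HTTP/1.1" 200 512
203.0.113.10 - - [10/Jun/2019:12:00:02 +0000] "GET /monitor/data/Upgrade/../../../../var/log/ HTTP/1.1" 200 20480
203.0.113.10 - - [10/Jun/2019:12:00:03 +0000] "GET /monitor/data/Upgrade/..%2f..%2f..%2f..%2fvar%2flog%2f HTTP/1.1" 200 20480
198.51.100.7 - - [10/Jun/2019:12:05:44 +0000] "GET /monitor/data/Upgrade/%252e%252e/%252e%252e/ HTTP/1.1" 404 169
198.51.100.7 - - [10/Jun/2019:12:05:45 +0000] "GET /static/../index.html HTTP/1.1" 200 3021
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "SERVED" if f["served"] else "attempt"
        print(f'{f["ts"]} {f["src"]:15s} {flag:8s} {f["status"]} {f["raw_path"]}')
```

The "served" flag is the triage key: a 2xx on a traversal request means the appliance returned something, and on the vulnerable build that is the log content with the credentials in it, so those sources and the credentials should be treated as compromised. Traversal attempts that returned 4xx are still worth alerting on as reconnaissance.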
