CVE-2019-15936

9.8 CRITICAL

📋 TL;DR

CVE-2019-15936 is an insecure file upload vulnerability in Intesync Solismed 3.3sp that allows attackers to upload malicious files without proper validation. This affects all users running the vulnerable version of the Solismed medical management software. Attackers can exploit this to upload webshells or other malicious payloads to the server.

💻 Affected Systems

Products:
  • Intesync Solismed
Versions: 3.3sp
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the file upload functionality in the medical management software.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to remote code execution, data theft, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Webshell upload leading to persistent backdoor access, data exfiltration, and potential pivot to other systems.

🟢 If Mitigated

Limited impact with proper file upload restrictions, web application firewalls, and network segmentation in place.

🌐 Internet-Facing: HIGH - Web applications with file upload functionality directly exposed to the internet are prime targets for exploitation.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward - attackers simply need to craft a malicious file upload request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions after 3.3sp

Vendor Advisory: https://know.bishopfox.com/advisories/solismed-critical

Restart Required: Yes

Instructions:

1. Contact Intesync for the latest patched version.
2. Backup current configuration and data.
3. Apply the patch or upgrade to a fixed version.
4. Restart the Solismed application service.
5. Verify the fix is working.

🔧 Temporary Workarounds

Web Application Firewall Rules

all

Implement WAF rules to block malicious file uploads and suspicious file extensions.

File Upload Restrictions

all

Configure server-side validation to only allow specific file types and implement file size limits.
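
A sketch of the server-side validation described above, added here as an illustration and not taken from Solismed or the advisory. The allowlist, magic-byte table, size limit and the function name validate_upload are assumptions chosen for the example.

```python
import os
import secrets

# Assumed policy (not from the advisory): permitted extensions and the
# leading bytes a file of that type must start with.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


def validate_upload(client_name: str, data: bytes):
    """Return (ok, reason, stored_name); stored_name is generated server-side."""
    if len(data) == 0:
        return False, "empty file", None
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    # The client controls the file name: keep only the last path component.
    base = os.path.basename(client_name.replace("\\", "/")).strip()
    if "\x00" in base:
        return False, "invalid file name", None
    # Only the final extension counts, compared case-insensitively.
    ext = os.path.splitext(base)[1].lower()
    magics = ALLOWED.get(ext)
    if magics is None:
        return False, f"extension {ext or '(none)'} not allowed", None
    # The content must match the claimed type, not just the name.
    if not data.startswith(magics):
        return False, "content does not match extension", None
    # Never reuse the client name on disk: random name plus allowlisted extension.
    return True, "ok", secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample inputs.
    for name, body in [("scan.pdf", b"%PDF-1.7 constructed"),
                       ("shell.php", b"constructed text"),
                       ("image.php.jpg", b"constructed text")]:
        print(name, validate_upload(name, body))
```

Accepted files should be written to a directory the web server does not execute scripts from, under the generated name only.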

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the Solismed server from critical systems
  • Deploy intrusion detection systems to monitor for file upload anomalies and webshell activity

🔍 How to Verify

Check if Vulnerable:

Check if running Solismed version 3.3sp and test file upload functionality with various file types.

Check Version:

Check Solismed administration panel or configuration files for version information.

Verify Fix Applied:

Attempt to upload malicious files after patching; the uploads should now be blocked by proper validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to Solismed endpoints
  • Uploads of executable files or scripts
  • Multiple failed upload attempts

Network Indicators:

  • HTTP POST requests to file upload endpoints with suspicious payloads
  • Traffic to unexpected ports from the Solismed server

SIEM Query:

source="solismed_logs" AND (event="file_upload" AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp"))
