CVE-2019-19459 – CVE-2019-19459 is a critical path traversal vul... (How to Fix)

Q: What is the severity of CVE-2019-19459?

CVE-2019-19459 has a CVSS score of 9.8 (CRITICAL). CVE-2019-19459 is a critical path traversal vulnerability in SALTO ProAccess SPACE that allows attackers to write arbitrary files to the server filesystem. This enables remote code execution by writing malicious files like web shells or auto-start scripts. Organizations using SALTO ProAccess SPACE 5.4.3.0 and potentially other versions are affected.

📋 TL;DR

CVE-2019-19459 is a critical path traversal vulnerability in SALTO ProAccess SPACE that allows attackers to write arbitrary files to the server filesystem. This enables remote code execution by writing malicious files like web shells or auto-start scripts. Organizations using SALTO ProAccess SPACE 5.4.3.0 and potentially other versions are affected.

💻 Affected Systems

Products:

SALTO ProAccess SPACE

Versions: 5.4.3.0 and potentially earlier versions; references suggest 5.5 may also be affected

Operating Systems: Windows (based on .bat file reference)

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects the web interface component; physical access control functionality may be impacted.

📦 What is this software?

Proaccess Space by Saltosystem

View all CVEs affecting Proaccess Space →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise leading to complete system control, data theft, lateral movement within the network, and persistent backdoor installation.

🟠

Likely Case

Web shell deployment allowing remote command execution, data exfiltration, and potential ransomware deployment.

🟢

If Mitigated

Limited impact with proper network segmentation, file integrity monitoring, and restricted service accounts preventing privilege escalation.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely without authentication to gain complete server control.

🏢 Internal Only: HIGH - Even internally, this provides complete system compromise capabilities once accessed.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details and proof-of-concept code are publicly available on Packet Storm Security and other sources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact SALTO Systems for specific patched version

Vendor Advisory: https://www.saltosystems.com/en/support/security-advisories/

Restart Required: Yes

Instructions:

1. Contact SALTO Systems support for latest security patches. 2. Backup configuration and data. 3. Apply provided patch. 4. Restart the ProAccess SPACE service. 5. Verify patch application.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate SALTO ProAccess SPACE server from internet and restrict internal network access

Web Application Firewall Rules

all

Block path traversal patterns and file write attempts to web interface

🧯 If You Can't Patch

Immediately isolate the system from all networks including internet and internal corporate networks
Implement strict file integrity monitoring on web root directory and system auto-start locations

🔍 How to Verify

Check if Vulnerable:

Check if running SALTO ProAccess SPACE version 5.4.3.0 or earlier via web interface or system information

Check Version:

Check web interface login page or system administration panel for version information

Verify Fix Applied:

Verify updated version from vendor and test that path traversal attempts are blocked

📡 Detection & Monitoring

Log Indicators:

Unusual file write operations in web root directory
Path traversal patterns in web server logs
Creation of .bat files in system directories

Network Indicators:

HTTP requests containing '../' patterns to write endpoints
Unusual outbound connections from SALTO server

SIEM Query:

source="SALTO_web_logs" AND (uri="*../*" OR method="POST" AND uri="*/write*" OR status=200 AND uri="*.bat" OR uri="*.php")

📊 Metadata

CVE ID: CVE-2019-19459

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: December 3, 2019

Last Updated: November 21, 2024

🔗 References

https://packetstormsecurity.com/files/155525/SALTO-ProAccess-SPACE-5.5-Traversal-File-Write-XSS-Bypass.html Third Party Advisory,VDB Entry
https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-salto-proaccess-space/ Exploit,Third Party Advisory
https://packetstormsecurity.com/files/155525/SALTO-ProAccess-SPACE-5.5-Traversal-File-Write-XSS-Bypass.html Third Party Advisory,VDB Entry
https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-salto-proaccess-space/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-19459, you might also want to check these: