CVE-2019-19782

9.8 CRITICAL

📋 TL;DR

CVE-2019-19782 is a buffer overflow in the FTP client built into AceaXe Plus 1.0. An FTP server that the client connects to can trigger it by returning an over-long EHLO response (the verb named in the CVE description, although EHLO is normally an SMTP rather than an FTP command); the response overflows a fixed-size buffer in the client, so an attacker who controls, compromises or impersonates the server can crash the client and potentially execute code on the user's machine. Every user of AceaXe Plus 1.0 who connects with its FTP client is affected, and no vendor fix is known.

💻 Affected Systems

Products:
  • AceaXe Plus
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the FTP client component; exploitation requires user to connect to a malicious FTP server.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution in the context of the user running the AceaXe Plus client, leading to full compromise of the workstation: malware installation, data theft, persistent backdoors and lateral movement from the compromised host.

🟠 Likely Case

Remote code execution on the workstation of a user who connects (or is lured into connecting) to an attacker-controlled or compromised FTP server. The attacker needs no credentials on the victim machine, only a server the client will talk to.

🟢 If Mitigated

A crash of the FTP client (denial of service) when the over-long response is received but code execution is prevented, for example by DEP/ASLR, application allowlisting or the network restrictions described under Temporary Workarounds.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attacker needs no credentials but does need the victim to connect the AceaXe Plus FTP client to a server the attacker controls (or has compromised, or can impersonate on the path between client and server); public proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch or vendor advisory is known. Stop using the AceaXe Plus FTP client (replace it with a maintained FTP client) or apply the workarounds below until the product can be retired.

🔧 Temporary Workarounds

Disable FTP Client Usage


Prevent use of the vulnerable component: uninstall AceaXe Plus, or block its executable with application control (AppLocker or WDAC), and move users to a maintained FTP client.

Network Segmentation


Restrict outbound FTP control-channel connections (TCP/21) to trusted servers only, using host or perimeter firewall rules. The bug is triggered by the server's response, so a client that cannot reach an untrusted server cannot be exploited through it.
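One way to implement this workaround on the affected Windows workstations, as an added example that is not vendor guidance. Windows Defender Firewall evaluates Block rules before Allow rules, so "allow the trusted servers, block everything else" cannot be expressed as two rules; instead the script computes the complement of the trusted addresses over the IPv4 space and blocks TCP/21 to those ranges. The server addresses below are constructed placeholders, and the rule name is an assumption; run in an elevated PowerShell session.

```powershell
# Added example: allowlist outbound FTP control connections (TCP/21) with Windows Defender Firewall.
# Block rules win over Allow rules in Windows Firewall, so we block every IPv4 range EXCEPT the
# trusted servers rather than adding an Allow rule for them.

# Constructed allowlist (assumption): replace with your real FTP servers.
$TrustedFtpServers = @('203.0.113.10', '198.51.100.21')

function ConvertTo-IPv4UInt32 {
    param([Parameter(Mandatory)][string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                         # network byte order -> host order
    [BitConverter]::ToUInt32($bytes, 0)
}

function ConvertFrom-IPv4UInt32 {
    param([Parameter(Mandatory)][uint32]$Value)
    $bytes = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($bytes)
    ([System.Net.IPAddress]::new($bytes)).ToString()
}

function Get-BlockedIPv4Ranges {
    # Complement of $AllowedHosts over 0.0.0.0-255.255.255.255, as "first-last" strings
    # (the range syntax accepted by New-NetFirewallRule -RemoteAddress).
    param([Parameter(Mandatory)][string[]]$AllowedHosts)
    $allowed = $AllowedHosts | ForEach-Object { ConvertTo-IPv4UInt32 $_ } | Sort-Object -Unique
    $ranges  = New-Object System.Collections.Generic.List[string]
    [uint64]$next = 0                                # uint64 so "last address + 1" cannot overflow
    foreach ($ip in $allowed) {
        if ([uint64]$ip -gt $next) {
            $ranges.Add(('{0}-{1}' -f (ConvertFrom-IPv4UInt32 $next), (ConvertFrom-IPv4UInt32 ($ip - 1))))
        }
        $next = [uint64]$ip + 1
    }
    if ($next -le [uint32]::MaxValue) {
        $ranges.Add(('{0}-255.255.255.255' -f (ConvertFrom-IPv4UInt32 $next)))
    }
    return $ranges.ToArray()
}

$blocked  = Get-BlockedIPv4Ranges -AllowedHosts $TrustedFtpServers
$ruleName = 'CVE-2019-19782 workaround: block outbound FTP except trusted servers'   # assumed name

# Idempotent: drop an earlier copy of the rule before re-creating it.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule

New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Protocol TCP -RemotePort 21 `
    -RemoteAddress $blocked -Action Block -Profile Any -Enabled True | Out-Null

# Print the installed address ranges so the gaps (the trusted servers) can be reviewed.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

The rule covers the IPv4 control channel only: passive-mode data connections go to server-chosen high ports and are not affected, which is fine because the vulnerable response arrives on the control channel, and IPv6 destinations need a separate rule. Verify the result with a connection to a trusted and an untrusted server before deploying by GPO.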

🧯 If You Can't Patch

  • Enforce application allowlisting (AppLocker or WDAC) so that a payload dropped after a successful overflow cannot execute
  • Use endpoint detection and response (EDR) tooling to alert on crashes of the AceaXe Plus process and on child processes spawned from it

🔍 How to Verify

Check if Vulnerable:

Check whether AceaXe Plus 1.0 is installed and whether its FTP client is used; any FTP session made with it to a server the attacker can control or impersonate is exposed.

Check Version:

Look for 'AceaXe Plus' in Programs and Features (the Uninstall registry keys); the affected version is 1.0.

Verify Fix Applied:

Verify that AceaXe Plus 1.0 is no longer installed or running, or that its FTP client can no longer reach untrusted servers.
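The check above scripted for a fleet, as an added example that is not part of the original page. It reads the Uninstall registry keys that Programs and Features is built from, reports the recorded version, and lists any running process started from the install directory. Matching the product on the string 'AceaXe' is an assumption about how the installer registers itself.

```powershell
# Added example: locate AceaXe Plus installs and flag version 1.0 as affected by CVE-2019-19782.
# 'AceaXe' as the DisplayName match is an assumption; adjust if the installer registers another name.

function Test-AceaXeVulnerable {
    # Only 1.0 is listed as affected and no fixed release is known, so anything else is reported as unknown.
    param([string]$Version)
    if ([string]::IsNullOrWhiteSpace($Version)) { return 'unknown (no version recorded)' }
    $parsed = $null
    if ([version]::TryParse($Version.Trim(), [ref]$parsed)) {
        if ($parsed.Major -eq 1 -and $parsed.Minor -eq 0) { return 'yes (1.0)' }
        return 'unknown (not 1.0, no fix published)'
    }
    if ($Version.Trim() -like '1.0*') { return 'yes (1.0)' }   # e.g. "1.0 build 12"
    return 'unknown (unparseable version)'
}

function Get-AceaXeInstall {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*AceaXe*' } |
        ForEach-Object {
            [pscustomobject]@{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                InstallLocation = $_.InstallLocation
                RegistryKey     = $_.PSPath
                Vulnerable      = Test-AceaXeVulnerable $_.DisplayVersion
            }
        }
}

$installs = @(Get-AceaXeInstall)
if ($installs.Count -eq 0) {
    Write-Output 'AceaXe Plus not found in the Uninstall keys (portable copies must be checked separately).'
} else {
    $installs | Format-Table -AutoSize

    # Is the client running right now? Match process image paths against the install directory.
    foreach ($install in ($installs | Where-Object InstallLocation)) {
        Get-Process |
            Where-Object { $_.Path -and $_.Path.StartsWith($install.InstallLocation, 'OrdinalIgnoreCase') } |
            Select-Object Id, ProcessName, Path
    }
}
```

Run it under an account that can read HKLM; per-user installs under HKCU are only visible for the logged-on user, so for a fleet-wide sweep run it in each user's context or via your endpoint management agent.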

📡 Detection & Monitoring

Log Indicators:

  • Windows Application log Event ID 1000 (Application Error) or 1001 (Windows Error Reporting) naming the AceaXe Plus executable as the faulting application, especially with exception code 0xc0000005 (access violation) or 0xc0000409 (stack buffer overrun); FTP connections by AceaXe Plus to servers outside the approved list

Network Indicators:

  • Outbound TCP/21 connections from workstations to FTP servers that are not on the approved list; unusually long response lines on the FTP control channel

SIEM Query:

source="WinEventLog:Application" (EventCode=1000 OR EventCode=1001) "AceaXe"

(Splunk-style query over forwarded Windows Application log events; adapt the source and field names to your SIEM.)
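Local detection on an endpoint that does not forward its logs yet, as an added example that is not part of the original page: it pulls the Application Error / Windows Error Reporting crash events for the client from the Application log and lists live outbound FTP control connections with their owning process. The 'AceaXe' match string and the trusted-server list are assumptions.

```powershell
# Added example: endpoint-side detection for CVE-2019-19782 exploitation attempts.
# 1) Crash events for the AceaXe Plus client (Event ID 1000 "Application Error", 1001 "Windows Error Reporting").
# 2) Current outbound TCP/21 connections and the process that owns each one.
# 'AceaXe' as a match string and the trusted-server list are assumptions.

$TrustedFtpServers = @('203.0.113.10', '198.51.100.21')   # constructed allowlist

function Get-AceaXeCrashEvent {
    param([int]$Days = 30)
    $filter = @{
        LogName      = 'Application'
        ProviderName = @('Application Error', 'Windows Error Reporting')
        Id           = @(1000, 1001)
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'AceaXe' } |
        Select-Object TimeCreated, Id, ProviderName,
            @{ Name = 'FaultingModule'; Expression = {
                if ($_.Message -match 'Faulting module name:\s*([^,\r\n]+)') { $Matches[1] } else { '' } } },
            @{ Name = 'ExceptionCode'; Expression = {
                # 0xc0000005 = access violation, 0xc0000409 = stack buffer overrun (/GS cookie tripped)
                if ($_.Message -match 'Exception code:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { '' } } }
}

function Get-OutboundFtpConnection {
    Get-NetTCPConnection -RemotePort 21 -ErrorAction SilentlyContinue |
        Where-Object { $_.State -in @('SynSent', 'Established') } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                State         = $_.State
                OwningPid     = $_.OwningProcess
                Process       = $proc.ProcessName
                Path          = $proc.Path
                # Flag the vulnerable client talking to anything, or any client talking to an unlisted server.
                Suspicious    = ($proc.Path -match 'AceaXe') -or ($_.RemoteAddress -notin $TrustedFtpServers)
            }
        }
}

Write-Output '--- AceaXe Plus crash events (last 30 days) ---'
Get-AceaXeCrashEvent | Format-Table -AutoSize

Write-Output '--- Outbound FTP control connections ---'
Get-OutboundFtpConnection | Format-Table -AutoSize
```

A crash event whose exception code is 0xc0000409 is a strong signal that a stack cookie caught an overflow attempt; 0xc0000005 is consistent with the overflow but also with ordinary bugs, so correlate it with the connection list or proxy logs for the FTP server the client was talking to at the time.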

🔗 References
