How severe is CVE-2019-14510?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2019-14510?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2019-14510 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.)

Related Vulnerabilities

CVE-2019-14718

MEDIUM

CVSS:6.7(Medium)

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

CWE-2762019

CVE-2020-0122

MEDIUM

CVSS:6.7(Medium)

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of pri...

CWE-2762020

CVE-2020-25593

MEDIUM

CVSS:6.7(Medium)

Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

CWE-2762020

CVE-2020-29489

MEDIUM

CVSS:6.7(Medium)

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password ...

CWE-2762020

CVE-2020-8701

MEDIUM

CVSS:6.7(Medium)

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-2762020

CVE-2020-8765

MEDIUM

CVSS:6.7(Medium)

Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-2762020