CVE-2019-9486

Published: 30/04/2019 | Updated: 24/08/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD up to and including 5.7.0.0 and 1&1 Online Storage up to and including 6.1.0.0.

Vulnerable Product

strato hidrive desktop client

telekom magentacloud

ionos 1&1 online storage

Github Repositories

Some personal exploits/pocs

Exploits

Miscellaneous proof of concept exploit code for testing purposes

Current Exploits

Fortinet FortiOS 600 <= 604, 560 <= 568, 541 <= 5410: The magic backdoor (CVE-2018-13382)
Strato HiDrive <= 5010 LPE (CVE-2019-9486)
Exim 487 < 491 LPE (CVE-2019-10149)
ASUS Aura Sync <= 10771 Stack-Based Buffer Overflow (CVE-