VDB-139528 · CVE-2019-25068 · VulDB 139528

Axios Italia Axios RE 1.7.0/7.0.0 Connection REDefault.aspx DBIDX privileges management

A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to improper privilege management. Using CWE to declare the problem leads to CWE-269. The weakness was presented 08/06/2019 by ErPaciocco as VulDB 139528 as Entry (VulDB). The advisory is shared for download at vuldb.com. This vulnerability was named CVE-2019-25068. The attack can be initiated remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1068. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	06/04/2022 10:54	11/21/2023 06:23	11/21/2023 06:35
vendor	Axios Italia	Axios Italia	Axios Italia
name	Axios RE	Axios RE	Axios RE
version	1.7.0/7.0.0	1.7.0/7.0.0	1.7.0/7.0.0
component	Connection Handler	Connection Handler	Connection Handler
file	REDefault.aspx	REDefault.aspx	REDefault.aspx
argument	DBIDX	DBIDX	DBIDX
risk	2	2	2
cvss2_vuldb_basescore	6.0	6.0	6.0
cvss2_vuldb_tempscore	5.4	5.4	5.4
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	6.3	6.3	7.1
cvss3_meta_tempscore	5.8	5.8	7.0
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.8	5.8	5.8
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
date	1565049600 (08/06/2019)	1565049600 (08/06/2019)	1565049600 (08/06/2019)
location	VulDB	VulDB	VulDB
type	Entry	Entry	Entry
url	https://vuldb.com/?id.139528	https://vuldb.com/?id.139528	https://vuldb.com/?id.139528
identifier	VulDB 139528	VulDB 139528	VulDB 139528
person_nickname	ErPaciocco	ErPaciocco	ErPaciocco
price_0day	$0-$5k	$0-$5k	$0-$5k
seealso	139529	139529	139529
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	U	U	U
cvss2_vuldb_rc	UC	UC	UC
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	U	U	U
cvss3_vuldb_rc	U	U	U
cvss2_vuldb_au	S	S	S
cvss3_vuldb_pr	L	L	L
cwe	269 (privileges management)	269 (privileges management)	269 (privileges management)
cve	CVE-2019-25068	CVE-2019-25068	CVE-2019-25068
responsible	VulDB	VulDB	VulDB
cve_assigned		1654293600 (06/04/2022)	1654293600 (06/04/2022)
cve_nvd_summary		A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely.	A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely.
cvss3_nvd_basescore			8.8
cvss3_cna_basescore			6.3
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			6.5

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!