Strix
26.1K

CVE-2019-13637

UnknownEPSS 2.56%

Last modified

CVE-2019-13637 is a vulnerability of currently unknown severity. In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. EPSS estimates a 2.56% chance of exploitation in the next 30 days.

Description

In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

Metrics

EPSS Probability
2.56%

83.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
LogmeinincJoin.Me< 3.16.0.5505

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-13637?
In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
How severe is CVE-2019-13637?
Severity scoring for CVE-2019-13637 is pending analysis. The EPSS model estimates a 2.56% probability of exploitation in the next 30 days.
How do I fix CVE-2019-13637?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-13637?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST