CVE-2019-7590

Name: CVE-2019-7590
Creator: NVD / NIST
Published: 2019-07-19T21:15:11.507+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.83%

Last modified Jun 17, 2026

CVE-2019-7590 is a vulnerability of currently unknown severity. ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. EPSS estimates a 0.83% chance of exploitation in the next 30 days.

Description

ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.

Metrics

EPSS Probability

0.83%

52.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Johnsoncontrols	Exacqvision Server	9.6
Johnsoncontrols	Exacqvision Server	9.8

References

http://www.securityfocus.com/bid/109307Third Party Advisory, VDB Entry
https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341Patch, Third Party Advisory
https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.htmlExploit, Third Party Advisory, VDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisoriesMitigation, Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-199-01Third Party Advisory, US Government Resource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.phpThird Party Advisory
http://www.securityfocus.com/bid/109307Third Party Advisory, VDB Entry
https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341Patch, Third Party Advisory
https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.htmlExploit, Third Party Advisory, VDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisoriesMitigation, Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-199-01Third Party Advisory, US Government Resource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.phpThird Party Advisory

Timeline

Published: Jul 19, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-7590?

How severe is CVE-2019-7590?

Severity scoring for CVE-2019-7590 is pending analysis. The EPSS model estimates a 0.83% probability of exploitation in the next 30 days.

How do I fix CVE-2019-7590?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-7590?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST