Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability found for Network Inventory Advisor by Network-Inventory-Advisor

    CVE-2019-25747 (GCVE-0-2019-25747)

    Vulnerability from cvelistv5 – Published: 2026-06-19 14:16 – Updated: 2026-06-19 14:16
    VLAI
    Title
    Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation
    Summary
    Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.
    Severity
    8.5 (High)
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
    7.8 (High)
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Date Public
    2019-11-04 00:00
    Credits
    Samuel DiazL
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Network Inventory Advisor",
          "vendor": "Network-Inventory-Advisor",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.26.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Samuel DiazL"
        }
      ],
      "datePublic": "2019-11-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T14:16:48.638Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-47584",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/47584"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.network-inventory-advisor.com/"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "https://www.network-inventory-advisor.com/download.html"
        },
        {
          "name": "VulnCheck Advisory: Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/network-inventory-advisor-unquoted-service-path-privilege-escalation"
        }
      ],
      "title": "Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25747",
    "datePublished": "2026-06-19T14:16:48.638Z",
    "dateReserved": "2026-06-19T13:10:13.910Z",
    "dateUpdated": "2026-06-19T14:16:48.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}