{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25747", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-06-19T13:10:13.910Z", "datePublished": "2026-06-19T14:16:48.638Z", "dateUpdated": "2026-06-22T19:34:13.159Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-19T14:16:48.638Z"}, "datePublic": "2019-11-04T00:00:00.000Z", "title": "Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation", "descriptions": [{"lang": "en", "value": "Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Unquoted Search Path or Element", "cweId": "CWE-428", "type": "CWE"}]}], "affected": [{"vendor": "Network-Inventory-Advisor", "product": "Network Inventory Advisor", "versions": [{"version": "5.0.26.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/47584", "name": "ExploitDB-47584", "tags": ["exploit"]}, {"url": "https://www.network-inventory-advisor.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.network-inventory-advisor.com/download.html", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/network-inventory-advisor-unquoted-service-path-privilege-escalation"}], "credits": [{"lang": "en", "value": "Samuel DiazL", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T19:34:04.993590Z", "id": "CVE-2019-25747", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T19:34:13.159Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Samuel DiazL"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Network-Inventory-Advisor", "product": "Network Inventory Advisor", "versions": [{"status": "affected", "version": "5.0.26.0"}]}], "datePublic": "2019-11-04T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/47584", "name": "ExploitDB-47584", "tags": ["exploit"]}, {"url": "https://www.network-inventory-advisor.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.network-inventory-advisor.com/download.html", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/network-inventory-advisor-unquoted-service-path-privilege-escalation", "name": "VulnCheck Advisory: Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-19T14:16:48.638Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25747", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-22T19:34:04.993590Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-06-22T19:34:09.233Z"}}]}, "cveMetadata": {"cveId": "CVE-2019-25747", "state": "PUBLISHED", "dateUpdated": "2026-06-19T14:16:48.638Z", "dateReserved": "2026-06-19T13:10:13.910Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-06-19T14:16:48.638Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.0.26.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Network Inventory Advisor", "source": "cna", "vendor": "Network-Inventory-Advisor"}, "product": "network_inventory_advisor", "vendor": "network-inventory-advisor"}], "created": "2026-06-19T20:00:11.997544+00:00", "updated": "2026-06-20T22:36:01.951332+00:00", "vendors": ["network-inventory-advisor", "network-inventory-advisor$PRODUCT$network_inventory_advisor"]}