SALTO ProAccess SPACE 5.4.3.0 Improper Input Validation Vulnerability

Summary

SALTO ProAccess SPACE Software is a powerful access control management tool that enables you to program access time zones for each user, manage different calendars and obtain audit trails from each door to see who has passed through it. The software includes special functions such as automatic door status changes, anti-passback and relay management. Thanks to its advanced software features, SALTO ProAccess SPACE is also one of the most user-friendly and powerful software products for the access control management of stand-alone wireless devices and IP online devices, in one converged, complete access control platform for managing users, keys and doors.

Credit:

The information has been provided by Vendor

The original article can be found at: https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-salto-proaccess-space/


Details

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.

 

Vulnerable Systems:

SALTO ProAccess SPACE 5.4.3.0

 

CVE Information:

CVE-2019-19459

 

Disclosure Timeline:
Published Date: 12/3/2019
