الثغرات ›

CVE-2019-25309

مرتفع

CWE-428 — نوع الضعف

                    نُشر: Feb 11, 2026                      ·  آخر تحديث: Feb 28, 2026                      ·  المصدر: NVD                

CVSS v3

7.8

🔗 NVD الرسمي

📄 الوصف (الإنجليزية)

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.

🤖 ملخص AI

CVE-2019-25309 is a local privilege escalation vulnerability in Zilab Remote Console Server 3.2.9 exploiting unquoted service paths, allowing attackers to execute arbitrary code with SYSTEM privileges. While no public exploit exists, the vulnerability is straightforward to exploit and poses significant risk to organizations using this remote management tool. Immediate patching is critical as the vulnerability requires only local access and results in complete system compromise.

📄 الوصف (العربية)

🤖 التحليل الذكي آخر تحليل: Apr 27, 2026 05:19

🇸🇦 التأثير على المملكة العربية السعودية

This vulnerability primarily impacts Saudi organizations using Zilab Remote Console Server for IT infrastructure management, particularly in: Banking sector (SAMA-regulated institutions) for remote server administration, Government agencies (NCA oversight) managing critical infrastructure, Healthcare facilities using remote management tools, Energy sector (ARAMCO and related entities) for operational technology management, and Telecom providers (STC, Mobily) for network infrastructure. The local privilege escalation nature makes it especially dangerous in multi-tenant environments and shared hosting scenarios common in Saudi enterprise infrastructure.

🏢 القطاعات السعودية المتأثرة

Banking and Financial Services Government and Public Administration Healthcare and Medical Facilities Energy and Utilities Telecommunications Critical Infrastructure IT Service Providers Data Centers

🎯 تقنيات MITRE ATT&CK

T1548.004 - Abuse Elevation Control Mechanism: Unquoted Path T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder T1543.003 - Create or Modify System Process: Windows Service T1134.003 - Access Token Manipulation: Make and Impersonate Token T1053.005 - Scheduled Task/Job: Scheduled Task T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking

⚖️ درجة المخاطر السعودية (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all systems running Zilab Remote Console Server 3.2.9 across your infrastructure

2. Restrict local access to affected systems through network segmentation and access controls

3. Implement principle of least privilege for user accounts with local system access

4. Enable Windows Event Logging for service creation and process execution (Event ID 4688, 7045)



PATCHING:

1. Upgrade Zilab Remote Console Server to version 3.3.0 or later immediately

2. Verify patch installation by checking service binary path contains quoted paths

3. Restart affected services after patching

4. Test functionality in non-production environment first



COMPENSATING CONTROLS (if immediate patching not possible):

1. Implement file integrity monitoring on service executable directories

2. Deploy application whitelisting to prevent unauthorized executable execution

3. Use Windows AppLocker to restrict execution in service paths

4. Monitor for suspicious process creation from service paths



DETECTION:

1. Search Windows Registry: HKLM\SYSTEM\CurrentControlSet\Services for unquoted paths containing spaces

2. PowerShell: Get-WmiObject win32_service | Where-Object {$_.PathName -like '* *' -and $_.PathName -notlike '"*'}

3. Monitor Event Viewer for Service Control Manager events (Event ID 7045) with suspicious binary paths

4. Alert on any executable creation in Program Files or service directories with unusual names

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل Zilab Remote Console Server 3.2.9 عبر البنية التحتية

2. تقييد الوصول المحلي للأنظمة المتأثرة من خلال تقسيم الشبكة والتحكم في الوصول

3. تطبيق مبدأ أقل امتياز لحسابات المستخدمين التي تتمتع بوصول محلي للنظام

4. تفعيل تسجيل أحداث Windows لإنشاء الخدمات وتنفيذ العمليات

التصحيح:

1. ترقية Zilab Remote Console Server إلى الإصدار 3.3.0 أو أحدث فوراً

2. التحقق من تثبيت التصحيح بفحص مسار ملف الخدمة يحتوي على مسارات مقتبسة

3. إعادة تشغيل الخدمات المتأثرة بعد التصحيح

4. اختبار الوظائف في بيئة غير الإنتاج أولاً

الضوابط البديلة:

1. تطبيق مراقبة سلامة الملفات على دلائل ملفات الخدمة

2. نشر قائمة بيضاء للتطبيقات لمنع تنفيذ ملفات تنفيذية غير مصرح بها

3. استخدام AppLocker لتقييد التنفيذ في مسارات الخدمة

4. مراقبة إنشاء عمليات مريبة من مسارات الخدمة

الكشف:

1. البحث في سجل Windows: HKLM\SYSTEM\CurrentControlSet\Services عن مسارات غير مقتبسة تحتوي على مسافات

2. PowerShell: Get-WmiObject win32_service | Where-Object {$_.PathName -like '* *' -and $_.PathName -notlike '"*'}

3. مراقبة Event Viewer لأحداث Service Control Manager مع مسارات ملفات تنفيذية مريبة

4. تنبيهات عند إنشاء ملف تنفيذي في دلائل Program Files أو الخدمات بأسماء غير عادية

📋 خريطة الامتثال التنظيمي

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.5.2.1 - User access management A.5.2.3 - Management of privileged access rights A.5.3.1 - Password management A.6.2.1 - Restriction of access to information A.6.2.2 - Access rights review A.8.1.1 - User endpoint devices A.8.2.1 - User awareness and training A.8.3.1 - Incident management

🔵 SAMA CSF

Governance & Risk Management - Policy and Risk Assessment Information & Cybersecurity - Access Control and Authentication Information & Cybersecurity - System Hardening and Configuration Management Resilience & Recovery - Incident Response and Management Compliance & Assurance - Vulnerability Management

🟡 ISO 27001:2022

5.3 - Segregation of duties 6.1.2 - Information security roles and responsibilities 6.2.1 - Screening 6.2.2 - Terms and conditions of employment 8.1.1 - User endpoint devices 8.2.1 - User awareness and training 8.3.1 - Incident management 8.6.1 - Application security 8.7.1 - Cryptography A.5.2.3 - Management of privileged access rights

🟣 PCI DSS v4.0.1

2.1 - Default security parameters 2.2.4 - Configure system security parameters 6.2 - Ensure security patches are installed 7.1 - Limit access to system components 8.1 - Assign unique ID to each person 8.2.3 - Passwords encrypted during transmission and storage

🔗 المراجع والمصادر 3

🔗

http://html.tucows.com/preview/340137/Zilab-Remote-Console-Server?q=remote+support

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/47506

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/zilab-remote-console-server-zilab-remote-console-s...

disclosure@vulncheck.com

📊 CVSS Score

7.8

/ 10.0 — مرتفع

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 حقائق سريعة

الخطورة مرتفع

CVSS Score7.8

CWECWE-428

EPSS0.01%

اختراق متاح لا

تصحيح متاح ✓ نعم

تاريخ النشر 2026-02-11

المصدر nvd

المشاهدات 7

🇸🇦 درجة المخاطر السعودية

7.8

/ 10.0 — مخاطر السعودية

أولوية: HIGH

🏷️ الوسوم

CWE-428

⚡ إجراءات

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 التعليقات

جارٍ التحميل

CVE-2019-25309

💬 التعليقات

عرّفنا بنفسك

تسجيل الدخول مطلوب