1. Home
  2. Security Notices & Advisories
  3. Security Advisory GOVSA.2019.1028.1 – Untrusted Search Path

Security Advisory GOVSA.2019.1028.1 – Untrusted Search Path


Advisory ID GOVSA.2019.1028.1
Vulnerability Type CWE-426 Untrusted Search Path
(leads to Command Injections / Local Privilege Escalation)
Issue Date 2019-10-28
Updated On 2019-10-28 (Initial Advisory)
Application Goverlan Reach (Agent)
Affected Versions Goverlan Client Agent v9.20.02 and earlier
Goverlan Reach Console v9.20 and earlier
Goverlan Reach Server v3.20 and earlier
Severity High
Vulnerability Status Update Released


CVEA vulnerability has been reported which allows a malicious actor to elevate his/her local privilege on a Windows system equipped with the Goverlan Agents. This exploit uses DLL Hijacking which allows a customized DLL to be ran with elevated privileges by the Goverlan Agent GovAgentx64.exe.

Vulnerability Type Remotely Exploitable Impact
Command Injection No Possible Local Code Execution
Local Privilege Escalation No Possible Escalation from Standard User to Local Administrative Privileges

Relevant Products

This exploit is exposed by the Goverlan Agent process: GovAgentx64.exe and GovAgent.exe versions 9.20.02 and earlier.

These Goverlan Client Agent are distributed on remote machine via the Goverlan Reach Console and Goverlan Reach Server versions 9.20 and 3.20 and earlier respectively.


Product Action
Goverlan Reach Console v9.20.XX and earlier Update to v9.50 or later
Goverlan Reach Server v3.20.XX and earlier Update to v3.50 or later
Goverlan Client Agent v9.20.02 Update to v9.20.50 or later


For further information about this security advisory, or to send us a security alert, please contact security(@)goverlan.com.


Goverlan would like to thank author PovlTekstTV for reporting this issue to us.


Updated on January 24, 2020

Related Articles