Lucene search

[email protected]CVE-2019-11552

HistoryJul 19, 2019 - 2:15 p.m.

CVE-2019-11552

2019-07-1914:15:12

CWE-94

[email protected]

web.nvd.nist.gov

cve-2019-11552

code42 enterprise

crashplan for small business

eval injection

nvd

security issue

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.

Affected configurations

NVD

Node

code42code42_for_enterpriseRange6.7–6.7.5

code42code42_for_enterpriseRange6.8–6.8.8

code42code42_for_enterpriseRange6.9–6.9.4

Node

code42crashplan_for_small_businessRange6.7–6.7.5

code42crashplan_for_small_businessRange6.8–6.8.8

code42crashplan_for_small_businessRange6.9–6.9.4

CPENameOperatorVersion
code42:code42_for_enterprisecode42 code42 for enterpriselt6.7.5
code42:code42_for_enterprisecode42 code42 for enterpriselt6.8.8
code42:code42_for_enterprisecode42 code42 for enterpriselt6.9.4

CPE	Name	Operator	Version
code42:code42_for_enterprise	code42 code42 for enterprise	lt	6.7.5
code42:code42_for_enterprise	code42 code42 for enterprise	lt	6.8.8
code42:code42_for_enterprise	code42 code42 for enterprise	lt	6.9.4

References

bordplate.no/blog/en/post/crashplan-privilege-escalation/

code42.com/r/support/CVE-2019-11552

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for CVE-2019-11552

prion1 cvelist1 nvd1