Lucene search

[email protected]CVE-2019-18780

HistoryNov 05, 2019 - 8:15 p.m.

CVE-2019-18780

2019-11-0520:15:11

CWE-77

[email protected]

web.nvd.nist.gov

cve

veritas

infoscale

cluster server

command injection

vulnerability

nvd

access

appliance

flex appliance

storage foundation

sfha

vcs

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

Affected configurations

NVD

Node

veritasaccessRange≤7.4.2

veritasaccess_applianceRange≤7.4.2

veritasflex_applianceRange≤1.2

veritasinfoscaleRange≤7.3.1

veritasinfoscaleRange7.4.0–7.4.1

Node

veritascluster_serverRange≤6.1

veritasstorage_foundation_haRange≤6.1

AND

microsoftwindowsMatch-

Node

veritascluster_serverRange≤6.2.1

veritasstorage_foundation_haRange≤6.2.1

AND

linuxlinux_kernelMatch-

CPENameOperatorVersion
veritas:accessveritas accessle7.4.2
veritas:access_applianceveritas access appliancele7.4.2
veritas:flex_applianceveritas flex appliancele1.2
veritas:infoscaleveritas infoscalele7.3.1
veritas:infoscaleveritas infoscalele7.4.1

CPE	Name	Operator	Version
veritas:access	veritas access	le	7.4.2
veritas:access_appliance	veritas access appliance	le	7.4.2
veritas:flex_appliance	veritas flex appliance	le	1.2
veritas:infoscale	veritas infoscale	le	7.3.1
veritas:infoscale	veritas infoscale	le	7.4.1

References

www.veritas.com/content/support/en_US/security/VTS19-003

www.veritas.com/content/support/en_US/security/VTS19-004

www.veritas.com/content/support/en_US/security/VTS19-005

www.veritas.com/content/support/en_US/security/VTS19-006

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2019-18780

nvd1 symantec1 prion1 cvelist1