Lucene search

[email protected]CVE-2019-4000

HistoryFeb 25, 2020 - 9:15 p.m.

CVE-2019-4000

2020-02-2521:15:10

CWE-94

[email protected]

web.nvd.nist.gov

cve-2019-4000

druva insync

mac os

client 6.5.0

security vulnerability

code execution

python

privilege escalation

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.

Affected configurations

NVD

Node

druvainsyncMatch6.5.0

AND

applemacosMatch-

CPENameOperatorVersion
druva:insyncdruva insynceq6.5.0

CPE	Name	Operator	Version
druva:insync	druva insync	eq	6.5.0

CNA Affected

[
  {
    "product": "Druva inSync Mac OS Client",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "6.5.0"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2020-12

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-4000

prion1 cvelist1 nvd1