Vulnerability Details : CVE-2019-18780
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
Products affected by CVE-2019-18780
- cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:cluster_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:cluster_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:storage_foundation_ha:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:storage_foundation_ha:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:access_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:flex_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18780
- EPSS score: 0.40% (probability of exploitation activity in the next 30 days)
- Percentile: ~70% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-18780
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-18780
- The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18780
- https://www.veritas.com/content/support/en_US/security/VTS19-004
  VTS19-004: Arbitrary Command Injection Vulnerability in Veritas Flex Appliance | Veritas™ (Patch; Vendor Advisory)
- https://www.veritas.com/content/support/en_US/security/VTS19-005
  VTS19-005: Arbitrary Command Injection Vulnerability in Veritas Access and Access Appliance | Veritas™ (Patch; Vendor Advisory)
- https://www.veritas.com/content/support/en_US/security/VTS19-006
  VTS19-006: Arbitrary Command Injection Vulnerability in Multiple Veritas Products | Veritas™ (Patch; Vendor Advisory)
- https://www.veritas.com/content/support/en_US/security/VTS19-003
  VTS19-003: Arbitrary Command Injection Vulnerability in Veritas InfoScale and Related Products | Veritas™ (Patch; Vendor Advisory)