CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18780

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile2.56th
PublishedNov 5, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

Affected Platforms (CPE)

πŸ“¦
Veritas

Access

<= 7.4.2
πŸ“¦
Veritas

Access Appliance

<= 7.4.2
πŸ“¦
Veritas

Flex Appliance

<= 1.2
πŸ“¦
Veritas

Infoscale

<= 7.3.1
πŸ“¦
Veritas

Infoscale

>= 7.4.0 and <= 7.4.1
πŸ“¦
Veritas

Cluster Server

<= 6.1
πŸ“¦
Veritas

Storage Foundation Ha

<= 6.1
πŸ“¦
Veritas

Cluster Server

<= 6.2.1
πŸ“¦
Veritas

Storage Foundation Ha

<= 6.2.1

References & Advisories

πŸ”— https://www.veritas.com/content/support/en_US/security/VTS19-003
πŸ”— https://www.veritas.com/content/support/en_US/security/VTS19-004
πŸ”— https://www.veritas.com/content/support/en_US/security/VTS19-005
πŸ”— https://www.veritas.com/content/support/en_US/security/VTS19-006
πŸ”— https://www.veritas.com/content/support/en_US/security/VTS19-003
πŸ”— https://www.veritas.com/content/support/en_US/security/VTS19-004
πŸ”— https://www.veritas.com/content/support/en_US/security/VTS19-005
πŸ”— https://www.veritas.com/content/support/en_US/security/VTS19-006

Related Vulnerabilities

CVE-2017-1091210.0

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

CVE-2017-1092010.0

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a G...

CVE-2017-1091810.0

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privil...

CVE-2017-1092110.0

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map ma...