Vulnerabilites related to veritas - infoscale
cve-2020-36166
Vulnerability from cvelistv5
Published
2021-01-06 00:51
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS20-014 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \\usr\\local\\ssl. This library attempts to load the \\usr\\local\\ssl\\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to \u003cdrive\u003e:\\usr\\local\\ssl\\openssl.cnf, where \u003cdrive\u003e could be the default Windows installation drive such as C:\\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a \u003cdrive\u003e:\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T00:51:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \\usr\\local\\ssl. This library attempts to load the \\usr\\local\\ssl\\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to \u003cdrive\u003e:\\usr\\local\\ssl\\openssl.cnf, where \u003cdrive\u003e could be the default Windows installation drive such as C:\\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a \u003cdrive\u003e:\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS20-014",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36166",
"datePublished": "2021-01-06T00:51:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18780
Vulnerability from cvelistv5
Published
2019-11-05 19:05
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS19-003 | x_refsource_MISC | |
| https://www.veritas.com/content/support/en_US/security/VTS19-004 | x_refsource_MISC | |
| https://www.veritas.com/content/support/en_US/security/VTS19-005 | x_refsource_MISC | |
| https://www.veritas.com/content/support/en_US/security/VTS19-006 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T19:05:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-003",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-004",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-005",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-006",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18780",
"datePublished": "2019-11-05T19:05:17",
"dateReserved": "2019-11-05T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-01-06 01:15
Modified
2024-11-21 05:28
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | infoscale | * | |
| veritas | infoscale_operations_manager | * | |
| veritas | storage_foundation | * | |
| veritas | storage_foundation_and_high_availability | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5CA35E-248F-44E2-A4E5-FD33422E8EA8",
"versionEndIncluding": "7.4.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91E5814D-0C90-480F-A154-D199AF6B7EF4",
"versionEndIncluding": "7.4.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:storage_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDDBD0A-1513-48DB-B8D1-D61F458B78F8",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:storage_foundation_and_high_availability:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD526F29-512A-4713-86E1-878755557B29",
"versionEndIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \\usr\\local\\ssl. This library attempts to load the \\usr\\local\\ssl\\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to \u003cdrive\u003e:\\usr\\local\\ssl\\openssl.cnf, where \u003cdrive\u003e could be the default Windows installation drive such as C:\\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a \u003cdrive\u003e:\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Veritas InfoScale versiones 7.x hasta 7.4.2 en Windows, Storage Foundation versiones hasta 6.1 en Windows, Storage Foundation HA versiones hasta 6.1 en Windows e InfoScale Operations Manager (tambi\u00e9n se conoce como VIOM) Windows Management Server versiones 7.x hasta 7.4.2 .\u0026#xa0;Al iniciarse, carga la biblioteca OpenSSL desde \\usr\\local\\ssl.\u0026#xa0;Esta biblioteca intenta cargar el archivo de configuraci\u00f3n \\usr\\local\\ssl\\openssl.cnf, que puede no estar presente.\u0026#xa0;En los sistemas Windows, esta ruta podr\u00eda traducirse a (drive):\\usr\\local\\ssl\\openssl.cnf, donde (drive) podr\u00eda ser la unidad de instalaci\u00f3n predeterminada de Windows, como C:\\ o la unidad donde est\u00e1 instalado un producto de Veritas.\u0026#xa0;Por defecto, en los sistemas Windows, los usuarios pueden crear directorios en cualquier directorio de nivel superior.\u0026#xa0;Un usuario poco privilegiado puede crear un archivo de configuraci\u00f3n (drive):\\usr\\local\\ssl\\openssl.cnf para cargar un motor OpenSSL malicioso, resultando en una ejecuci\u00f3n de c\u00f3digo arbitraria como SYSTEM cuando se inicia el servicio.\u0026#xa0;Esto le otorga al atacante acceso de administrador al sistema, permitiendo al atacante (por defecto) acceder a todos los datos, acceder a todas las aplicaciones instaladas, etc"
}
],
"id": "CVE-2020-36166",
"lastModified": "2024-11-21T05:28:51.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-06T01:15:13.120",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-014"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 20:15
Modified
2024-11-21 04:33
Severity ?
Summary
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-003 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-004 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-005 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-006 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-003 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-004 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-005 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-006 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | access | * | |
| veritas | access_appliance | * | |
| veritas | flex_appliance | * | |
| veritas | infoscale | * | |
| veritas | infoscale | * | |
| veritas | cluster_server | * | |
| veritas | storage_foundation_ha | * | |
| microsoft | windows | - | |
| veritas | cluster_server | * | |
| veritas | storage_foundation_ha | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F929286-63B6-4D5A-9CF3-BF7E66201F90",
"versionEndIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "488CA659-F66A-43FC-BF89-4B7BECA8E1C8",
"versionEndIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E22B14D-D236-486C-88A1-A105D4904F76",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BECF4C9-6701-4A85-B3BC-F4D50DE04E2A",
"versionEndIncluding": "7.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C10DD22-65A6-4C8A-BB37-C30D41842C7D",
"versionEndIncluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:cluster_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "819C03F1-9596-4012-9722-F2B89202253E",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:storage_foundation_ha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E54C100-9BF4-4B7F-A2A5-B5671F267C7D",
"versionEndIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:cluster_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF04E40-59C2-409E-8C39-95D999C3B35A",
"versionEndIncluding": "6.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:storage_foundation_ha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "313F7193-63CE-4A70-BC92-0A393126A0F8",
"versionEndIncluding": "6.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos arbitraria en el componente Cluster Server de Veritas InfoScale, permite a un atacante remoto no autenticado ejecutar comandos arbitrarios como root o administrador. Estos productos de Veritas est\u00e1n afectados: Access versi\u00f3n 7.4.2 y anteriores, Access Appliance versi\u00f3n 7.4.2 y anteriores, Flex Appliance versi\u00f3n 1.2 y anteriores, InfoScale versi\u00f3n 7.3.1 y anteriores, InfoScale versiones entre 7.4.0 y 7.4.1, Veritas Cluster Server (VCS) versi\u00f3n 6.2.1 y anteriores en Linux/UNIX, Veritas Cluster Server (VCS) versi\u00f3n 6.1 y anteriores en Windows, Storage Foundation HA (SFHA) versi\u00f3n 6.2.1 y anteriores en Linux/UNIX y Storage Foundation HA (SFHA) versi\u00f3n 6.1 y anteriores en Windows."
}
],
"id": "CVE-2019-18780",
"lastModified": "2024-11-21T04:33:33.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T20:15:11.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}