CVE-2019-9507

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.

CVSS v3 8.3 HIGH
CVSS v2.0 9.0 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/	Vendor Advisory
https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/	Vendor Advisory
https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/	Vendor Advisory
https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:vertiv:avocent_umg-4000_firmware:4.2.1.19:*:*:*:*:*:*:*

cpe:2.3:h:vertiv:avocent_umg-4000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:51

Type	Values Removed	Values Added
CVSS	v2 : ~~9.0~~ v3 : ~~7.2~~	v2 : 9.0 v3 : 8.3
References	~~() https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ - Vendor Advisory~~	() https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ - Vendor Advisory
References	~~() https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ - Vendor Advisory~~	() https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ - Vendor Advisory

Information

Published : 2020-03-30 22:15

Updated : 2024-11-21 04:51

NVD link : CVE-2019-9507

Mitre link : CVE-2019-9507

CVE.ORG link : CVE-2019-9507

JSON object : View

Products Affected

vertiv

avocent_umg-4000_firmware
avocent_umg-4000

CWE

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2019-9507", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cret@cert.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2020-03-30T22:15:14.180", "references": [{"url": "https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-95"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root."}, {"lang": "es", "value": "La interfaz web de Vertiv Avocent UMG-4000 versi\u00f3n 4.2.1.19, es vulnerable a una inyecci\u00f3n de comandos porque la aplicaci\u00f3n neutraliza incorrectamente la sintaxis del c\u00f3digo antes de su ejecuci\u00f3n. Dado que todos los comandos dentro de la aplicaci\u00f3n web son ejecutados como root, esto podr\u00eda permitir a un atacante remoto autenticado con una cuenta de administrador ejecutar comandos arbitrarios como root."}], "lastModified": "2024-11-21T04:51:45.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vertiv:avocent_umg-4000_firmware:4.2.1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B951ADA-5030-41BC-9DA6-278F571B3ADA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vertiv:avocent_umg-4000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86B85E8E-24E1-462C-8FA7-4A7427D87243"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}

8.3 /10