First published: Thu Aug 29 2019(Updated: )
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Prophecyinternational Snare Central | <7.4.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-11364 is an OS Command Injection vulnerability in Snare Central before version 7.4.5.
CVE-2019-11364 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter.
The severity of CVE-2019-11364 is critical with a CVSS score of 7.2.
Snare Central versions up to exclusive version 7.4.5 are affected by CVE-2019-11364.
To fix CVE-2019-11364, it is recommended to update Snare Central to version 7.4.5 or later.