CVE-2019-18780: Command Injection
First published: Tue Nov 05 2019(Updated: )
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Veritas Access | <=7.4.2 | |
| Veritas Access Appliance | <=7.4.2 | |
| Veritas Flex Appliance | <=1.2 | |
| Veritas InfoScale | <=7.3.1 | |
| Veritas InfoScale | >=7.4.0<=7.4.1 | |
| Veritas Cluster Server | <=6.1 | |
| Veritas Storage Foundation Ha | <=6.1 | |
| Microsoft Windows | ||
| Veritas Cluster Server | <=6.2.1 | |
| Veritas Storage Foundation Ha | <=6.2.1 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-18780?
CVE-2019-18780 is an arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale.
How does CVE-2019-18780 impact Veritas products?
CVE-2019-18780 allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator on Veritas products, including Veritas Access, Veritas Access Appliance, Veritas Flex Appliance, Veritas InfoScale, Veritas Cluster Server, and Veritas Storage Foundation HA.
How severe is CVE-2019-18780?
CVE-2019-18780 has a severity score of 9.8 (Critical).
How do I fix CVE-2019-18780?
To fix CVE-2019-18780, users should update to the latest versions of Veritas products mentioned above and follow the recommendations provided by Veritas in their security advisories.
Where can I find more information about CVE-2019-18780?
More information about CVE-2019-18780 can be found in the official Veritas security advisories: [Link 1](https://www.veritas.com/content/support/en_US/security/VTS19-003), [Link 2](https://www.veritas.com/content/support/en_US/security/VTS19-004), [Link 3](https://www.veritas.com/content/support/en_US/security/VTS19-005).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/veritas
- canonical/veritas access
- version/veritas access/7.4.2
- canonical/veritas access appliance
- version/veritas access appliance/7.4.2
- canonical/veritas flex appliance
- version/veritas flex appliance/1.2
- canonical/veritas infoscale
- version/veritas infoscale/7.3.1
- version/veritas infoscale/7.4.0
- version/veritas infoscale/7.4.1
- canonical/veritas cluster server
- version/veritas cluster server/6.1
- canonical/veritas storage foundation ha
- version/veritas storage foundation ha/6.1
- vendor/microsoft
- canonical/microsoft windows
- version/veritas cluster server/6.2.1
- version/veritas storage foundation ha/6.2.1
- vendor/linux
- canonical/linux linux kernel