CVE-2019-25029

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
References
Link Resource
https://hackerone.com/reports/1168198 Third Party Advisory
https://hackerone.com/reports/1168198 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:versa-networks:versa_director:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:39

Type Values Removed Values Added
References () https://hackerone.com/reports/1168198 - Third Party Advisory () https://hackerone.com/reports/1168198 - Third Party Advisory

07 Jun 2021, 13:39

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 10.0
v3 : 9.8
CPE cpe:2.3:a:versa-networks:versa_director:-:*:*:*:*:*:*:*
CWE CWE-77
References (MISC) https://hackerone.com/reports/1168198 - (MISC) https://hackerone.com/reports/1168198 - Third Party Advisory

26 May 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-26 19:15

Updated : 2024-11-21 04:39


NVD link : CVE-2019-25029

Mitre link : CVE-2019-25029

CVE.ORG link : CVE-2019-25029


JSON object : View

Products Affected

versa-networks

  • versa_director
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')