Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2019-9507
PUBLISHED
More InfoOfficial Page
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
View Known Exploited Vulnerability (KEV) details
Published At-30 Mar, 2020 | 20:50
Updated At-17 Sep, 2024 | 02:56
Rejected At-
▼CVE Numbering Authority (CNA)
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.

Affected Products
Vendor
Vertiv
Product
Avocent UMG-4000
Versions
Affected
  • 4.2.1.19
Problem Types
TypeCWE IDDescription
CWECWE-95CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Metrics
VersionBase scoreBase severityVector
3.18.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Vertiv Avocent has released patches for these vulnerabilities. Trellis customers of the UMG running firmware v4.2.0.23 that are operating Trellis v5.0.2 through 5.0.6 and all Non-Trellis UMG customers should install the update patch found https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ . Trellis users of the UMG that are operating Trellis v5.0.6 and later should install Universal Gateway firmware version 4.3.0.23 found https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ .

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/
x_refsource_MISC
https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/
x_refsource_MISC
x_transferred
https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/
x_refsource_MISC
x_transferred
Details not found