Vulnerability Details CVE-2019-14416
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html
- http://seclists.org/fulldisclosure/2019/Jul/39
- https://www.veritas.com/content/support/en_US/security/VTS19-002.html#Issue3
- http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html
- http://seclists.org/fulldisclosure/2019/Jul/39
- https://www.veritas.com/content/support/en_US/security/VTS19-002.html#Issue3
Products affected by CVE-2019-14416
-
cpe:2.3:a:veritas:resiliency_platform:-
-
cpe:2.3:a:veritas:resiliency_platform:1.2
-
cpe:2.3:a:veritas:resiliency_platform:2.0
-
cpe:2.3:a:veritas:resiliency_platform:2.1
-
cpe:2.3:a:veritas:resiliency_platform:2.2
-
cpe:2.3:a:veritas:resiliency_platform:3.0
-
cpe:2.3:a:veritas:resiliency_platform:3.1
-
cpe:2.3:a:veritas:resiliency_platform:3.2
-
cpe:2.3:a:veritas:resiliency_platform:3.3
-
cpe:2.3:a:veritas:resiliency_platform:3.3.1
-
cpe:2.3:a:veritas:resiliency_platform:3.3.2