Arbitrary Command Execution in Veritas Resiliency Platform by Veritas
CVE-2019-14417

7.2HIGH

Key Information:

Vendor
Veritas
Status
Resiliency Platform
Vendor
CVE Published:
29 July 2019

Summary

A vulnerability in Veritas Resiliency Platform (VRP) versions prior to 3.4 HF1 allows an attacker with user-level access to execute arbitrary commands with root privileges within the VRP virtual machine. This flaw, which is associated with DNS functionality, poses significant risks as it could enable unauthorized actions that compromise the platform’s integrity and security.

References

https://www.veritas.com/content/support/en_US/security/VT...
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jul/39
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/153842/Veritas-Resil...
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.