PT-2019-12375 · Code42 · Code42 Enterprise+1

Publicado

2019-07-19

Atualizado

2022-04-18

CVE-2019-11552

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Code42 Enterprise and Crashplan for Small Business Client versions 6.7 through 6.7.4 Code42 Enterprise and Crashplan for Small Business Client versions 6.8 through 6.8.7 Code42 Enterprise and Crashplan for Small Business Client versions 6.9 through 6.9.3

Description The issue allows for eval injection, where a lesser privileged user can craft a proxy auto-configuration file to execute arbitrary code at a higher privilege as the service user.

Recommendations For versions 6.7 through 6.7.4, update to version 6.7.5 or later. For versions 6.8 through 6.8.7, update to version 6.8.8 or later. For versions 6.9 through 6.9.3, update to version 6.9.4 or later.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2019-11552

Produtos afetados

Code42 Enterprise

Crashplan For Small Business Client

PT-2019-12375 · Code42 · Code42 Enterprise+1

CVE-2019-11552

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4