PT-2019-12375 · Code42 · Code42 Enterprise, Crashplan For Small Business Client
Published: 2019-07-19 · Updated: 2022-04-18
CVE-2019-11552
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Code42 Enterprise and Crashplan for Small Business Client versions 6.7 through 6.7.4
Code42 Enterprise and Crashplan for Small Business Client versions 6.8 through 6.8.7
Code42 Enterprise and Crashplan for Small Business Client versions 6.9 through 6.9.3
Description
The issue allows eval injection: a lower-privileged user can craft a proxy auto-configuration (PAC) file to execute arbitrary code with the higher privileges of the service user.
Recommendations
For versions 6.7 through 6.7.4, update to version 6.7.5 or later.
For versions 6.8 through 6.8.7, update to version 6.8.8 or later.
For versions 6.9 through 6.9.3, update to version 6.9.4 or later.
Code Injection
Affected Products
Code42 Enterprise
Crashplan For Small Business Client