PT-2020-11356 · Vertiv · Vertiv Avocent UMG-4000

Published: 2020-03-30 · Updated: 2021-11-03 · CVE-2019-9507

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Vertiv Avocent UMG-4000 version 4.2.1.19

Description: The web interface of the Vertiv Avocent UMG-4000 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.

Recommendations: For Vertiv Avocent UMG-4000 version 4.2.1.19, consider disabling the web interface or restricting access to it until a patch is available to prevent command injection attacks. Additionally, restrict administrator account access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Eval Injection

Weakness Enumeration

Related Identifiers

CVE-2019-9507

Affected Products

Vertiv Avocent UMG-4000