CVE-2019-14418

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
veritasresiliency_platform
1.2
veritasresiliency_platform
2.0
veritasresiliency_platform
2.1
veritasresiliency_platform
2.2
veritasresiliency_platform
2.2:update_3
veritasresiliency_platform
3.0
veritasresiliency_platform
3.1
veritasresiliency_platform
3.2
veritasresiliency_platform
3.3
veritasresiliency_platform
3.3.1
veritasresiliency_platform
3.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html
http://seclists.org/fulldisclosure/2019/Jul/39
https://www.veritas.com/content/support/en_US/security/VTS19-002.html#Issue1
http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html
http://seclists.org/fulldisclosure/2019/Jul/39
https://www.veritas.com/content/support/en_US/security/VTS19-002.html#Issue1