CVE-2019-3999

Опубликовано: 25 фев. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Средний

Описание

Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.

Ссылки

http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://www.tenable.com/security/research/tra-2020-12
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://www.tenable.com/security/research/tra-2020-12
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:druva:insync_client:6.5.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.16557

Средний

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-xm72-wm3m-qgm7

github

больше 3 лет назад