CRITICAL🇵🇱 Wersja polska

CVE-2019-25029

CVSS 9.8v3.1pub. 2021-05-26upd. 2024-11-21

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Versa Networks Versa Director

    APP
    Versa-Networks
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-39717HIGH7.2⚠ KEVten sam produkt

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is...

CVE-2025-23168MEDIUM6.3ten sam produkt

The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Pas...

CVE-2021-39285MEDIUM6.1ten sam produkt

A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration...

CVE-2018-16496MEDIUM5.3ten sam produkt

In Versa Director, the un-authentication request found.

CVE-2018-16498MEDIUM5.5ten sam produkt

In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored with...