Systrome Networks ISG products CVE-2019-7383 Arbitrary Shell Command Injection Vulnerability
BID:107035
CVE-2019-7383 |Info
Systrome Networks ISG products CVE-2019-7383 Arbitrary Shell Command Injection Vulnerability
| Bugtraq ID: | 107035 |
| Class: | Input Validation Error |
| CVE: |
CVE-2019-7383 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | Kaustubh Padwad |
| Vulnerable: |
Systrome Networks ISG-800W 1.1-R2.1 TRUNK-20181 Systrome Networks ISG-600H 1.1-R2.1 TRUNK-20181 Systrome Networks ISG-600C 1.1-R2.1 TRUNK-20181 |
| Not Vulnerable: |
Systrome Networks ISG-800W 1.1-R2.1 TRUNK-20181 Systrome Networks ISG-600H 1.1-R2.1 TRUNK-20181 Systrome Networks ISG-600C 1.1-R2.1 TRUNK-20181 |
Discussion
Systrome Networks ISG products CVE-2019-7383 Arbitrary Shell Command Injection Vulnerability
Systrome Networks ISG products is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Local attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.
The following products are vulnerable:
ISG-600C
ISG-600H
ISG-800W
Systrome Networks ISG products is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Local attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.
The following products are vulnerable:
ISG-600C
ISG-600H
ISG-800W
Solution / Fix
Systrome Networks ISG products CVE-2019-7383 Arbitrary Shell Command Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Systrome Networks ISG products CVE-2019-7383 Arbitrary Shell Command Injection Vulnerability
References:
References: