CVE-2019-18780

CRITICAL

Veritas Cluster Server <6.2.1/Linux-UNIX - Command Injection

Title source: llm

Description

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_misc

https://www.veritas.com/content/support/en_US/security/VTS19-003

Patch, Vendor Advisory x_refsource_misc

https://www.veritas.com/content/support/en_US/security/VTS19-004

Patch, Vendor Advisory x_refsource_misc

https://www.veritas.com/content/support/en_US/security/VTS19-005

Patch, Vendor Advisory x_refsource_misc

https://www.veritas.com/content/support/en_US/security/VTS19-006

Scores

CVSS v3 9.8

EPSS 0.0614

EPSS Percentile 92.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (6)

veritas/access < 7.4.2

veritas/access_appliance < 7.4.2

veritas/cluster_server < 6.1

veritas/flex_appliance < 1.2

veritas/infoscale < 7.3.1

veritas/storage_foundation_ha < 6.1

Published Nov 05, 2019

Tracked Since Feb 18, 2026