漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution
Vulnerability Description
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
Vertiv Avocent UMG-4000 命令注入漏洞
Vulnerability Description
Vertiv Avocent UMG-4000是美国维谛技术(Vertiv)公司的一款通用管理网关设备。该产品支持实时管理、监控、访问和控制IT设备和基础设施。 Vertiv Avocent UMG-4000 4.2.1.19版本中的Web接口存在命令注入漏洞。远程攻击者可利用该漏洞以root权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A