Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution
Vulnerability Description
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
Vertiv Avocent UMG-4000 命令注入漏洞
Vulnerability Description
Vertiv Avocent UMG-4000是美国维谛技术(Vertiv)公司的一款通用管理网关设备。该产品支持实时管理、监控、访问和控制IT设备和基础设施。 Vertiv Avocent UMG-4000 4.2.1.19版本中的Web接口存在命令注入漏洞。远程攻击者可利用该漏洞以root权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A