OS Command Injection in Access analysis CGI An-Analyzer - CVE-2019-5987
Published: July 10, 2019 / Updated: July 15, 2019
Vulnerability identifier: #VU19131
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5987
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Access analysis CGI An-Analyzer
Access analysis CGI An-Analyzer
Software vendor:
ANGLERSNET Co,.Ltd.
ANGLERSNET Co,.Ltd.
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Management Page. A remote authenticated attacker who with ability to login to the product may execute arbitrary OS command.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
This vulnerability affects only versions released in 2019 June 24 and earlier.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.