#VU17356 OS Command Injection in ZenLoad Balancer - CVE-2019-7301

 

Published: February 1, 2019 / Updated: June 17, 2021


Vulnerability identifier: #VU17356
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2019-7301
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: ZenLoad Balancer
Software vendor: Zevenet

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker can inject arbitrary OS commands via shell metacharacters in the `certname` parameter of an `index.cgi?action=View_Cert` request and execute arbitrary code with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
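As an added example (not code from this advisory or from Zevenet), the following Python script flags `View_Cert` requests in a web access log whose `certname` value falls outside a conservative file-name allowlist. It assumes a combined-format access log with the parameters in the query string; the allowlist, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allowlist for a certificate file name: letters, digits, '.', '_' and '-',
# not starting with '.' or '-'. The exact naming rules are an assumption.
SAFE_CERTNAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]{0,127}")

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')


def is_safe_certname(value):
    """True only if the whole value matches the allowlist."""
    return SAFE_CERTNAME.fullmatch(value) is not None


def suspicious_view_cert(log_lines):
    """Return (line_number, decoded certname) for View_Cert requests whose
    certname falls outside the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/index.cgi"):
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are seen.
        params = parse_qs(url.query, keep_blank_values=True)
        if "View_Cert" not in params.get("action", []):
            continue
        for certname in params.get("certname", []):
            if not is_safe_certname(certname):
                hits.append((number, certname))
    return hits


# Constructed sample lines (not taken from a real appliance).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Feb/2019:10:00:00 +0000] "GET /index.cgi?action=View_Cert&certname=zencert.pem HTTP/1.1" 200 512',
    '192.0.2.44 - admin [01/Feb/2019:10:02:13 +0000] "GET /index.cgi?action=View_Cert&certname=zencert.pem%3Bid HTTP/1.1" 200 498',
    '192.0.2.44 - admin [01/Feb/2019:10:02:20 +0000] "GET /index.cgi?action=View_Cert&certname=a.pem%7Cuname+-a HTTP/1.1" 200 498',
    '192.0.2.10 - admin [01/Feb/2019:10:05:00 +0000] "GET /index.cgi?id=1-2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, certname in suspicious_view_cert(SAMPLE_LOG):
        print(f"line {number}: suspicious certname {certname!r}")
```

Requests that carry `certname` in a POST body do not appear in a standard access log, so this check covers only what the log records.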


Remediation

Install updates from the vendor's website.
