CVE-2019-25671: VA MAX RCE - Version 8.3.4 Vulnerable
Platform: php
Component: va-max
CVE-2019-25671 is a Remote Code Execution (RCE) vulnerability discovered in VA MAX version 8.3.4. The flaw allows authenticated attackers to inject shell metacharacters into the mtu_eth0 parameter of the changeip.php endpoint, enabling the execution of arbitrary commands on the system. Successful exploitation could lead to unauthorized access and control. A patch addressing this vulnerability is available.
How to fix
Update to a fixed version of VA MAX that resolves the remote code execution vulnerability. Check the vendor's documentation for specific update instructions. As a temporary measure, restrict access to the changeip.php file and strictly validate the input of the mtu_eth0 parameter.
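As an added example (not VA MAX's or the vendor's code), strict validation of mtu_eth0 could look like this in PHP: an allowlist of plain decimal digits, a range check, and a command built as an argument vector so no shell parses the value. The function names, the 68 to 9000 range, the /sbin/ip path and the eth0 command line are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Assumed bounds: 68 is the IPv4 minimum MTU (RFC 791); 9000 is a common
// jumbo-frame ceiling. Adjust to what the appliance's interfaces support.
const MTU_MIN = 68;
const MTU_MAX = 9000;

/**
 * Return the MTU as an int, or null when the raw request value is not a
 * plain decimal number inside the allowed range. (Hypothetical helper.)
 */
function parse_mtu($raw): ?int
{
    // Reject arrays (mtu_eth0[]=...) and anything that is not 2-4 ASCII digits.
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (!is_string($raw) || preg_match('/\A[0-9]{2,4}\z/', $raw) !== 1) {
        return null;
    }
    $mtu = (int) $raw;
    return ($mtu >= MTU_MIN && $mtu <= MTU_MAX) ? $mtu : null;
}

/**
 * Build the command as an argument vector (hypothetical command line).
 * Passed as an array to proc_open() (PHP 7.4+), it runs without a shell,
 * so metacharacters carry no special meaning even as defence in depth.
 */
function mtu_command(int $mtu): array
{
    return ['/sbin/ip', 'link', 'set', 'dev', 'eth0', 'mtu', (string) $mtu];
}

// Constructed sample inputs: two valid values, then values that must be rejected.
$samples = ['1500', '9000', '67', '1500;echo', "1500\n", '$(echo)', ' 1500', '0x5dc', ['1500']];
foreach ($samples as $raw) {
    $mtu = parse_mtu($raw);
    printf(
        "%-14s => %s\n",
        json_encode($raw),
        $mtu === null ? 'rejected' : implode(' ', mtu_command($mtu))
    );
}
```

Only '1500' and '9000' yield a command; every other sample is rejected before any process is started.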
Frequently asked questions
What is CVE-2019-25671?
CVE-2019-25671 is a Remote Code Execution (RCE) vulnerability affecting VA MAX version 8.3.4. It allows authenticated attackers to execute commands by manipulating the mtu_eth0 parameter in the changeip.php endpoint.
Am I affected by CVE-2019-25671?
You are potentially affected if you are running VA MAX version 8.3.4. Check your system and update immediately if vulnerable.
How do I fix CVE-2019-25671?
Apply the available patch to bring VA MAX to a secure version. Refer to the vendor's security advisory for specific instructions and updated versions.