
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.
• https://www.tenable.com/security/research/tra-2020-12
• CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.
• https://www.tenable.com/security/research/tra-2020-12
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 4

Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/48400
• http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html
• http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html
• https://www.tenable.com/security/research/tra-2020-12
• https://www.tenable.com/security/research/tra-2020-34
• https://github.com/tenable/poc/blob/master/druva/inSync/druva_win_cphwnet64.py
• https://www.matteomalvica.com/blog/2020/05/21/lpe-
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')