Vulnerability Description
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Code42 | Code42 For Enterprise | >= 6.7, < 6.7.5 |
| Code42 | Crashplan For Small Business | >= 6.7, < 6.7.5 |
Related Weaknesses (CWE)
References
- https://bordplate.no/blog/en/post/crashplan-privilege-escalation/ExploitThird Party Advisory
- https://code42.com/r/support/CVE-2019-11552Vendor Advisory
- https://bordplate.no/blog/en/post/crashplan-privilege-escalation/ExploitThird Party Advisory
- https://code42.com/r/support/CVE-2019-11552Vendor Advisory
FAQ
What is CVE-2019-11552?
CVE-2019-11552 is a vulnerability with a CVSS score of 7.0 (HIGH). Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser p...
How severe is CVE-2019-11552?
CVE-2019-11552 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11552?
Check the references section above for vendor advisories and patch information. Affected products include: Code42 Code42 For Enterprise, Code42 Crashplan For Small Business.