H3C Security Vulnerability - Bash security vulnerability- CVE-2019-9924
04-02-2021【Summary】
Rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
【Impact】
This security vulnerability may result in an attacker executing arbitrary commands with shell privileges.
【Software Versions and Fixes】
Product Name | Affected Version | Resolved Product and Version |
License Server | All | TBC |
ADWAN | All | TBC |
VNFM | All | TBC |
SDN Controller(VCFC) | All | TBC |
NFVO | All | TBC |
SecPath D2000-G | All | TBR before 2020-01-31 |
H3Cloud OS | All | TBC |
H3Cloud CMP | All | TBC |
H3C Data X | All | D006 |
ADE | All | E0105 |
DI | All | E0108 |
H3C DataEngine DG | All | D008 |
DataEngine | All | TBR before 2020-01-31 |
【Temporary Fix】
None
【Revision History】
2019-11-30 V1.0 INITIAL
H3C advocates that every effort be made to safeguard the ultimate interests of product users, to abide by principles of responsible disclosure of security incidents, and to handle product security issues in accordance with security issues mechanisms. For information on H3C's security emergency response service and H3C product vulnerabilities, please visithttps://www.h3c.com/en/Support/Online_Help/psirt/.