CVE-2019-3999

Summary

Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
n/aDruva inSync Windows Client6.5.0affected

Weaknesses

  • Unauthenticated OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References