CVE-2019-9507— The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-9507
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vertiv Avocent UMG-4000 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vertiv Avocent UMG-4000是美国维谛技术(Vertiv)公司的一款通用管理网关设备。该产品支持实时管理、监控、访问和控制IT设备和基础设施。 Vertiv Avocent UMG-4000 4.2.1.19版本中的Web接口存在命令注入漏洞。远程攻击者可利用该漏洞以root权限执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Vertiv | Avocent UMG-4000 | 4.2.1.19 | - |
II. Public POCs for CVE-2019-9507
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-9507
请登录查看更多情报信息。
Same Patch Batch · Vertiv · 2020-03-30 · 3 CVEs total
| CVE-2019-9508 | 6.3 MEDIUM | Vertiv Avocent UMG-4000 version 4.2.1.19 web interface is vulnerable to stored cross site |
| CVE-2019-9509 | 6.3 MEDIUM | The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflect |
IV. Related Vulnerabilities
Same vendor: Vertiv
- CVE-2022-50927
Cyclades Serial Console Server 3.3.0 - Local Privilege Escal - CVE-2025-41426
Vertiv Liebert RDU101 and UNITY Stack-based Buffer Overflow - CVE-2025-46412
Vertiv Liebert RDU101 and UNITY Authentication Bypass Using - CVE-2019-9509
The web interface of the Vertiv Avocent UMG-4000 version 4.2 - CVE-2019-9508
Vertiv Avocent UMG-4000 version 4.2.1.19 web interface is vu
Same weakness: CWE-95
- CVE-2026-44128
Unauthenticated Remote Code Execution - CVE-2026-42079
PPTAgent: Arbitrary Code Execution via Python eval() of LLM- - CVE-2026-6652
Pagekit CMS StringStorage Template PhpEngine.php evaluate ev - CVE-2026-33618
Chamilo LMS Affected by Remote Code Execution via eval() in - CVE-2026-5971
FoundationAgents MetaGPT XML action_node.py ActionNode.xml_f
V. Comments for CVE-2019-9507
No comments yet