rssh Restriction Bypass Arbitrary Shell Command Execution Vulnerability



A vulnerability in PizzaShack rssh could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system.

The vulnerability is due to insufficient sanitization of arguments when passed to rsync. An attacker could exploit this vulnerability by passing
arguments to rsync. A successful exploit could allow the attacker to bypass rsync restrictions
and execute arbitrary shell commands on the targeted system.

PizzaShack has not confirmed the vulnerability and software updates are not available.

Security Impact Rating: Critical

CVE: CVE-2019-3463

Source:: Cisco Multivendor Vulnerability Alerts