CVE-2019-9508

Vertiv Avocent UMG-4000 version 4.2.1.19 web interface is vulnerable to stored cross site scripting

Description

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page.

Remediation

Solution:

  • Vertiv Avocent has released patches for these vulnerabilities. Trellis customers of the UMG running firmware v4.2.0.23 that are operating Trellis v5.0.2 through 5.0.6 and all Non-Trellis UMG customers should install the update patch found https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ . Trellis users of the UMG that are operating Trellis v5.0.6 and later should install Universal Gateway firmware version 4.3.0.23 found https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ .

Category

6.3
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.12%
Vendor Advisory vertiv.com Vendor Advisory vertiv.com
Affected: Vertiv Avocent UMG-4000
Published at:
Updated at:

References

Link Tags
https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ vendor advisory
https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-9508?
CVE-2019-9508 has been scored as a medium severity vulnerability.
How to fix CVE-2019-9508?
To fix CVE-2019-9508: Vertiv Avocent has released patches for these vulnerabilities. Trellis customers of the UMG running firmware v4.2.0.23 that are operating Trellis v5.0.2 through 5.0.6 and all Non-Trellis UMG customers should install the update patch found https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ . Trellis users of the UMG that are operating Trellis v5.0.6 and later should install Universal Gateway firmware version 4.3.0.23 found https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ .
Is CVE-2019-9508 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2019-9508 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-9508?
CVE-2019-9508 affects Vertiv Avocent UMG-4000.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.