Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-12491

Опубликовано: 19 июн. 2019
Источник: nvd
CVSS3: 6.6
CVSS2: 8.5
EPSS Низкий

Описание

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:onapp:onapp:5.0.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.0.0:update_79:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.0.0:update_82:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.0.0:update_83:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.0.0:update_87:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.1.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.1.0:update_16:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.2.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.3.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.3.0:update_41:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.4.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.4.0:update_66:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.4.0:update_70:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.4.0:update_72:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.4.0:update_76:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.4.0:update_82:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.4.0:update_84:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_50:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_59:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_65:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_75:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_80:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_83:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_87:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_90:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.5.0:update_92:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.6.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.6.0:update_83:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.7.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.8.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.9.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:5.10.0:-:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:6.0:update_122:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:6.0:update_152:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:6.0:update_159:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:6.0:update_62:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:6.0:update_80:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:6.0:update_98:*:*:*:*:*:*
cpe:2.3:a:onapp:onapp:6.0.0:-:*:*:*:*:*:*

EPSS

Процентиль: 54%
0.00315
Низкий

6.6 Medium

CVSS3

8.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-4hwf-q27j-2mmh

CVSS3: 6.6
github
больше 3 лет назад

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.

EPSS

Процентиль: 54%
0.00315
Низкий

6.6 Medium

CVSS3

8.5 High

CVSS2

Дефекты

NVD-CWE-noinfo