exploitDog

CVE-2019-19019

Опубликовано: 02 дек. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 8.5

EPSS Низкий

Описание

An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.

Ссылки

https://write-up.github.io/webtitan/
Exploit
Third Party Advisory
https://www.webtitan.com/resources/product-updates/
Release Notes
Vendor Advisory
https://write-up.github.io/webtitan/
Exploit
Third Party Advisory
https://www.webtitan.com/resources/product-updates/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:titanhq:webtitan:*:*:*:*:*:*:*:*

Версия до 5.18 (исключая)

EPSS

Процентиль: 73%

0.00761

Низкий

7.5 High

CVSS3

8.5 High

CVSS2

Дефекты

CWE-346

Связанные уязвимости

GHSA-vm4v-px5q-m49v

CVSS3: 7.5

github

больше 3 лет назад

An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.

EPSS

Процентиль: 73%

0.00761

Низкий

7.5 High

CVSS3

8.5 High

CVSS2

Дефекты

CWE-346