The vulnerability in the web interface of the Exhibitor service for managing ZooKeeper instances allows a attacker to execute arbitrary commands.

🗓️ 17 Dec 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Exhibitor interface for ZooKeeper management has vulnerability enabling remote command execution.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2019-5029	14 Dec 202300:02	–	circl
CNVD	Exhibitor Command Injection Vulnerability	14 Nov 201900:00	–	cnvd
Check Point Advisories	Soabase Exhibitor UI Config Command Injection (CVE-2019-5029)	16 Feb 202100:00	–	checkpoint_advisories
CVE	CVE-2019-5029	13 Nov 201922:34	–	cve
Cvelist	CVE-2019-5029	13 Nov 201922:34	–	cvelist
Exploit DB	Exhibitor Web UI 1.7.1 - Remote Code Execution	7 Jul 202000:00	–	exploitdb
NVD	CVE-2019-5029	13 Nov 201923:15	–	nvd
OpenVAS	Exhibitor 1.0.9 <= 1.7.1 RCE Vulnerability	26 Nov 201900:00	–	openvas
Prion	Command injection	13 Nov 201923:15	–	prion
RedhatCVE	CVE-2019-5029	5 Feb 202517:53	–	redhatcve

Vulners

Node

exhibitor exhibitorRange1.0.9–1.7.1

Source	Link
securitylab	www.securitylab.ru/vulnerability/502571.php
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-5029
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2019-0790
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2019111418
web	www.web.nvd.nist.gov/view/vuln/detail

17 Dec 2019 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 39.8

CVSS 210

EPSS0.88415

Exhibitor ZooKeeper management remote command execution vulnerability