History: Jun 19, 2019 - 4:15 p.m.

CVE-2019-12491

2019-06-19 16:15:11
web.nvd.nist.gov
Tags: onapp, cve-2019-12491, security vulnerability, arbitrary commands, root privileges, xen, kvm, hypervisors, nvd

CVSS3: 6.6 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS2: 8.5 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 42.0%

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.

Affected configurations

NVD node, any of the following (OR):
onapp onapp Match 5.0.0 -
onapp onapp Match 5.0.0 update_79
onapp onapp Match 5.0.0 update_82
onapp onapp Match 5.0.0 update_83
onapp onapp Match 5.0.0 update_87
onapp onapp Match 5.1.0 -
onapp onapp Match 5.1.0 update_16
onapp onapp Match 5.2.0 -
onapp onapp Match 5.3.0 -
onapp onapp Match 5.3.0 update_41
onapp onapp Match 5.4.0 -
onapp onapp Match 5.4.0 update_66
onapp onapp Match 5.4.0 update_70
onapp onapp Match 5.4.0 update_72
onapp onapp Match 5.4.0 update_76
onapp onapp Match 5.4.0 update_82
onapp onapp Match 5.4.0 update_84
onapp onapp Match 5.5.0 -
onapp onapp Match 5.5.0 update_50
onapp onapp Match 5.5.0 update_59
onapp onapp Match 5.5.0 update_65
onapp onapp Match 5.5.0 update_75
onapp onapp Match 5.5.0 update_80
onapp onapp Match 5.5.0 update_83
onapp onapp Match 5.5.0 update_87
onapp onapp Match 5.5.0 update_90
onapp onapp Match 5.5.0 update_92
onapp onapp Match 5.6.0 -
onapp onapp Match 5.6.0 update_83
onapp onapp Match 5.7.0 -
onapp onapp Match 5.8.0 -
onapp onapp Match 5.9.0 -
onapp onapp Match 5.10.0 -
onapp onapp Match 6.0 update_122
onapp onapp Match 6.0 update_152
onapp onapp Match 6.0 update_159
onapp onapp Match 6.0 update_62
onapp onapp Match 6.0 update_80
onapp onapp Match 6.0 update_98
onapp onapp Match 6.0.0 -
