Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-12491
HistoryJun 19, 2019 - 4:15 p.m.

CVE-2019-12491

2019-06-1916:15:11
[email protected]
web.nvd.nist.gov
78
onapp
cve-2019-12491
security vulnerability
arbitrary commands
root privileges
xen
kvm
hypervisors
nvd

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

42.0%

JSON

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.

Affected configurations

NVD
Node
onapponappMatch5.0.0-
OR
onapponappMatch5.0.0update_79
OR
onapponappMatch5.0.0update_82
OR
onapponappMatch5.0.0update_83
OR
onapponappMatch5.0.0update_87
OR
onapponappMatch5.1.0-
OR
onapponappMatch5.1.0update_16
OR
onapponappMatch5.2.0-
OR
onapponappMatch5.3.0-
OR
onapponappMatch5.3.0update_41
OR
onapponappMatch5.4.0-
OR
onapponappMatch5.4.0update_66
OR
onapponappMatch5.4.0update_70
OR
onapponappMatch5.4.0update_72
OR
onapponappMatch5.4.0update_76
OR
onapponappMatch5.4.0update_82
OR
onapponappMatch5.4.0update_84
OR
onapponappMatch5.5.0-
OR
onapponappMatch5.5.0update_50
OR
onapponappMatch5.5.0update_59
OR
onapponappMatch5.5.0update_65
OR
onapponappMatch5.5.0update_75
OR
onapponappMatch5.5.0update_80
OR
onapponappMatch5.5.0update_83
OR
onapponappMatch5.5.0update_87
OR
onapponappMatch5.5.0update_90
OR
onapponappMatch5.5.0update_92
OR
onapponappMatch5.6.0-
OR
onapponappMatch5.6.0update_83
OR
onapponappMatch5.7.0-
OR
onapponappMatch5.8.0-
OR
onapponappMatch5.9.0-
OR
onapponappMatch5.10.0-
OR
onapponappMatch6.0update_122
OR
onapponappMatch6.0update_152
OR
onapponappMatch6.0update_159
OR
onapponappMatch6.0update_62
OR
onapponappMatch6.0update_80
OR
onapponappMatch6.0update_98
OR
onapponappMatch6.0.0-

Related

kitploit 1
nvd 1
cvelist 1
prion 1
symantec 1
malwarebytes 1
kitploit
kitploit
packetStrider - A Network Packet Forensics Tool For SSH
2021-03-07 11:30:00
nvd
nvd
CVE-2019-12491
2019-06-19 16:15:11
cvelist
cvelist
CVE-2019-12491
2019-06-19 15:42:37
prion
prion
Command injection
2019-06-19 16:15:00
symantec
symantec
OnApp CVE-2019-12491 Command Execution Vulnerability
2019-06-06 00:00:00
malwarebytes
malwarebytes
Securing the managed service provider (MSP)
2019-10-11 18:04:49

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

42.0%

JSON
Related for CVE-2019-12491
kitploit1nvd1cvelist1prion1symantec1malwarebytes1