Search...

Photon OS 2.0: Kibana PHSA-2019-2.0-0155

2019-05-15T00:00:00

ID PHOTONOS_PHSA-2019-2_0-0155_KIBANA.NASL
Type nessus
Reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-01-16T00:00:00

Description

An update of the kibana package has been released.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-2.0-0155. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

if (description)
{
  script_id(125082);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/16");

  script_cve_id("CVE-2019-7610");

  script_name(english:"Photon OS 2.0: Kibana PHSA-2019-2.0-0155");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the kibana package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-155.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7610");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kibana");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

if (rpm_check(release:"PhotonOS-2.0", reference:"kibana-6.7.0-1.ph2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kibana");
}

JSON Vulners Source

Initial Source

{"id": "PHOTONOS_PHSA-2019-2_0-0155_KIBANA.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Photon OS 2.0: Kibana PHSA-2019-2.0-0155", "description": "An update of the kibana package has been released.", "published": "2019-05-15T00:00:00", "modified": "2020-01-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/125082", "reporter": "This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://github.com/vmware/photon/wiki/Security-Updates-2-155.md", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7610"], "cvelist": ["CVE-2019-7610"], "immutableFields": [], "lastseen": "2021-10-16T00:30:06", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201902-26"]}, {"type": "cve", "idList": ["CVE-2019-7610"]}, {"type": "githubexploit", "idList": ["8269B88D-41F1-5034-8E3C-5ECD3E478547"]}, {"type": "myhack58", "idList": ["MYHACK58:62201993420"]}, {"type": "nessus", "idList": ["701234.PRM", "KIBANA_ESA_2019_01_03.NASL", "REDHAT-RHSA-2019-2860.NASL", "WEB_APPLICATION_SCANNING_98981", "WEB_APPLICATION_SCANNING_98982"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112542", "OPENVAS:1361412562310112543"]}, {"type": "photon", "idList": ["PHSA-2019-0014", "PHSA-2019-0155", "PHSA-2019-0225", "PHSA-2019-1.0-0225", "PHSA-2019-2.0-0155", "PHSA-2019-3.0-0014"]}, {"type": "redhat", "idList": ["RHSA-2019:2860"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-7610"]}, {"type": "threatpost", "idList": ["THREATPOST:0B3F568CF532B4D11A2D561F09E1490F"]}], "rev": 4}, "score": {"value": 6.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201902-26"]}, {"type": "cve", "idList": ["CVE-2019-7610"]}, {"type": "githubexploit", "idList": ["8269B88D-41F1-5034-8E3C-5ECD3E478547"]}, {"type": "myhack58", "idList": ["MYHACK58:62201993420"]}, {"type": "nessus", "idList": ["KIBANA_ESA_2019_01_03.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112542", "OPENVAS:1361412562310112543"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0225", "PHSA-2019-2.0-0155", "PHSA-2019-3.0-0014"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-7610"]}, {"type": "threatpost", "idList": ["THREATPOST:0B3F568CF532B4D11A2D561F09E1490F"]}]}, "exploitation": null, "vulnersScore": 6.7}, "pluginID": "125082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0155. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125082);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\"CVE-2019-7610\");\n\n script_name(english:\"Photon OS 2.0: Kibana PHSA-2019-2.0-0155\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kibana package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-155.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kibana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"kibana-6.7.0-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kibana\");\n}\n", "naslFamily": "PhotonOS Local Security Checks", "cpe": ["p-cpe:/a:vmware:photonos:kibana", "cpe:/o:vmware:photonos:2.0"], "solution": "Update the affected Linux packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2019-7610", "vpr": {"risk factor": "Medium", "score": "6.5"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-04-29T00:00:00", "vulnerabilityPublicationDate": "2019-03-25T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1645763405}}

{"redhatcve": [{"lastseen": "2022-05-18T16:10:42", "description": "An arbitrary code execution flaw was found in Kibana in versions prior to 5.6.15 and 6.6.1. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-04-09T12:18:10", "type": "redhatcve", "title": "CVE-2019-7610", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7610"], "modified": "2022-05-18T16:09:07", "id": "RH:CVE-2019-7610", "href": "https://access.redhat.com/security/cve/cve-2019-7610", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-24T00:30:37", "description": "Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-03-25T19:29:00", "type": "cve", "title": "CVE-2019-7610", "cwe": ["CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7610"], "modified": "2019-07-30T22:15:00", "cpe": [], "id": "CVE-2019-7610", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7610", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "githubexploit": [{"lastseen": "2021-12-10T14:20:41", "description": "# CVE-2019-7609 (Kibana)\n\nKibana\uc758 Timelion visualizer\uc758 \uacb0\ud568\uc73c\ub85c \uc778\ud574 \ub9ac...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-11-04T02:42:40", "type": "githubexploit", "title": "Exploit for Command Injection in Elastic Kibana", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7609", "CVE-2019-7610"], "modified": "2020-06-19T09:31:43", "id": "8269B88D-41F1-5034-8E3C-5ECD3E478547", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "photon": [{"lastseen": "2021-11-03T17:50:28", "description": "An update of {'elasticsearch', 'kibana'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-04-19T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-1.0-0225", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7608", "CVE-2019-7610", "CVE-2019-7611"], "modified": "2019-04-19T00:00:00", "id": "PHSA-2019-1.0-0225", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-225", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-03T21:00:20", "description": "An update of {'kibana', 'elasticsearch'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-04-29T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-2.0-0155", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7608", "CVE-2019-7610", "CVE-2019-7611"], "modified": "2019-04-29T00:00:00", "id": "PHSA-2019-2.0-0155", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-155", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:26:34", "description": "Updates of ['kibana', 'elasticsearch'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-04-29T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0155", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7608", "CVE-2019-7610", "CVE-2019-7611"], "modified": "2019-04-29T00:00:00", "id": "PHSA-2019-0155", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-155", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:04:18", "description": "Updates of ['kibana', 'elasticsearch'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-04-19T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0225", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7608", "CVE-2019-7610", "CVE-2019-7611"], "modified": "2019-04-19T00:00:00", "id": "PHSA-2019-0225", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-225", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-04T09:02:08", "description": "An update of {'elasticsearch', 'kibana', 'openjdk8', 'openssh', 'sqlite', 'mercurial', 'libpng'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-05-11T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-3.0-0014", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17983", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698", "CVE-2019-6109", "CVE-2019-6111", "CVE-2019-7317", "CVE-2019-7610", "CVE-2019-7611", "CVE-2019-9937"], "modified": "2019-05-11T00:00:00", "id": "PHSA-2019-3.0-0014", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-0014", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:51:22", "description": "Updates of ['kibana', 'sqlite', 'elasticsearch', 'openssh', 'openjdk8', 'mercurial', 'libpng'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-05-11T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0014", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17983", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698", "CVE-2019-6109", "CVE-2019-6111", "CVE-2019-7317", "CVE-2019-7608", "CVE-2019-7610", "CVE-2019-7611", "CVE-2019-9937"], "modified": "2019-05-11T00:00:00", "id": "PHSA-2019-0014", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-02-19T12:57:25", "description": "According to its self-reported version number, the Kibana application running on the remote host is prior to 5.6.15 or 6.x prior to 6.6.1. It is, therefore, affected by the following vulnerabilities:\n\n - A cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (CVE-2019-7608)\n\n - An arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7609)\n\n - An arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7610)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-03-05T00:00:00", "type": "nessus", "title": "Kibana < 5.6.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7608", "CVE-2019-7609", "CVE-2019-7610"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98981", "href": "https://www.tenable.com/plugins/was/98981", "sourceData": "No source data", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T12:57:33", "description": "According to its self-reported version number, the Kibana application running on the remote host is prior to 5.6.15 or 6.x prior to 6.6.1. It is, therefore, affected by the following vulnerabilities:\n\n - A cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (CVE-2019-7608)\n\n - An arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7609)\n\n - An arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7610)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-03-05T00:00:00", "type": "nessus", "title": "Kibana 6.x < 6.6.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7608", "CVE-2019-7609", "CVE-2019-7610"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98982", "href": "https://www.tenable.com/plugins/was/98982", "sourceData": "No source data", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:18:51", "description": "Kibana versions before 5.6.15 and 6.6.1 have the following vulnerabilities:\n\n- A cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (CVE-2019-7608)\n - An arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7609)\n - An arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7610)", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-10-24T00:00:00", "type": "nessus", "title": "Kibana 5.x < 5.6.15 / 6.x < 6.6.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7608", "CVE-2019-7609", "CVE-2019-7610"], "modified": "2019-10-24T00:00:00", "cpe": ["cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*"], "id": "701234.PRM", "href": "https://www.tenable.com/plugins/nnm/701234", "sourceData": "Binary data 701234.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-21T16:26:10", "description": "An update for kibana is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains updates to kibana in Red Hat OpenShift Container Platform 4.1.18.\n\nSecurity Fix(es) :\n\n* kibana: Cross-site scripting vulnerability permits perform destructive actions on behalf of other Kibana users (CVE-2019-7608)\n\n* kibana: Arbitrary code execution flaw in the Timelion visualizer (CVE-2019-7609)\n\n* kibana: Audit logging Remote Code Execution issue (CVE-2019-7610)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-09-27T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.1.18 (RHSA-2019:2860)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7608", "CVE-2019-7609", "CVE-2019-7610"], "modified": "2022-02-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kibana", "p-cpe:/a:redhat:enterprise_linux:kibana-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2860.NASL", "href": "https://www.tenable.com/plugins/nessus/129396", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2860. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129396);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/25\");\n\n script_cve_id(\"CVE-2019-7608\", \"CVE-2019-7609\", \"CVE-2019-7610\");\n script_xref(name:\"RHSA\", value:\"2019:2860\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/10\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.1.18 (RHSA-2019:2860)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for kibana is now available for Red Hat OpenShift Container\nPlatform 4.1.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains updates to kibana in Red Hat OpenShift\nContainer Platform 4.1.18.\n\nSecurity Fix(es) :\n\n* kibana: Cross-site scripting vulnerability permits perform\ndestructive actions on behalf of other Kibana users (CVE-2019-7608)\n\n* kibana: Arbitrary code execution flaw in the Timelion visualizer\n(CVE-2019-7609)\n\n* kibana: Audit logging Remote Code Execution issue (CVE-2019-7610)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7610\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kibana and / or kibana-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7609\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kibana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kibana-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2860\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"atomic-openshift-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenShift\");\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kibana-5.6.16-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kibana-debuginfo-5.6.16-2.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kibana / kibana-debuginfo\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-22T16:12:02", "description": "Kibana versions before 5.6.15 and 6.6.1 have the following vulnerabilities:\n\n - A cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (CVE-2019-7608)\n\n - An arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7609)\n\n - An arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7610)", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-03-04T00:00:00", "type": "nessus", "title": "Kibana ESA-2019-01, ESA-2019-02, ESA-2019-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7608", "CVE-2019-7609", "CVE-2019-7610"], "modified": "2022-02-25T00:00:00", "cpe": ["cpe:/a:elasticsearch:kibana"], "id": "KIBANA_ESA_2019_01_03.NASL", "href": "https://www.tenable.com/plugins/nessus/122589", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122589);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/25\");\n\n script_cve_id(\"CVE-2019-7608\", \"CVE-2019-7609\", \"CVE-2019-7610\");\n script_bugtraq_id(107148);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/10\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n\n script_name(english:\"Kibana ESA-2019-01, ESA-2019-02, ESA-2019-03\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a Java application that is vulnerable.\");\n script_set_attribute(attribute:\"description\", value:\n\"Kibana versions before 5.6.15 and 6.6.1 have the following\nvulnerabilities:\n\n - A cross-site scripting (XSS) vulnerability that could\n allow an attacker to obtain sensitive information from\n or perform destructive actions on behalf of other\n Kibana users. (CVE-2019-7608)\n\n - An arbitrary code execution flaw in the Timelion\n visualizer. An attacker with access to the Timelion\n application could send a request that will attempt to\n execute javascript code. This could possibly lead to an\n attacker executing arbitrary commands with permissions\n of the Kibana process on the host system. (CVE-2019-7609)\n\n - An arbitrary code execution flaw in the security audit\n logger. If a Kibana instance has the setting\n xpack.security.audit.enabled set to true, an attacker\n could send a request that will attempt to execute\n javascript code. This could possibly lead to an attacker\n executing arbitrary commands with permissions of the\n Kibana process on the host system. (CVE-2019-7610)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.elastic.co/community/security\");\n script_set_attribute(attribute:\"solution\", value:\n\"Users should upgrade to Kibana version 5.6.15 or 6.6.1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7609\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:elasticsearch:kibana\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kibana_web_detect.nbin\");\n script_require_keys(\"installed_sw/Kibana\");\n script_require_ports(\"Services/www\", 5601);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\napp = \"Kibana\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:5601);\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nconstraints = [\n { \"min_version\" : \"5.0.0\", \"fixed_version\" : \"5.6.15\" },\n { \"min_version\" : \"6.0.0\", \"fixed_version\" : \"6.6.1\" }\n];\n\nflags = { 'xss':TRUE };\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:flags);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:02", "description": "Arch Linux Security Advisory ASA-201902-26\n==========================================\n\nSeverity: High\nDate : 2019-02-25\nCVE-ID : CVE-2019-7608 CVE-2019-7609 CVE-2019-7610\nPackage : kibana\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-911\n\nSummary\n=======\n\nThe package kibana before version 6.6.1-1 is vulnerable to multiple\nissues including arbitrary code execution and information disclosure.\n\nResolution\n==========\n\nUpgrade to 6.6.1-1.\n\n# pacman -Syu \"kibana>=6.6.1-1\"\n\nThe problems have been fixed upstream in version 6.6.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2019-7608 (information disclosure)\n\nKibana versions before 5.6.15 and 6.6.1 had a cross-site scripting\n(XSS) vulnerability that could allow an attacker to obtain sensitive\ninformation from, or perform destructive actions on behalf of, other\nKibana users.\n\n- CVE-2019-7609 (arbitrary code execution)\n\nKibana versions before 5.6.15 and 6.6.1 contain an arbitrary code\nexecution flaw in the Timelion visualizer. An attacker with access to\nthe Timelion application could send a request that will attempt to\nexecute javascript code. This could possibly lead to an attacker\nexecuting arbitrary commands with permissions of the Kibana process on\nthe host system.\n\n- CVE-2019-7610 (arbitrary code execution)\n\nKibana versions before 5.6.15 and 6.6.1 contain an arbitrary code\nexecution flaw in the security audit logger. If a Kibana instance has\nthe setting xpack.security.audit.enabled set to true, an attacker could\nsend a request that will attempt to execute javascript code. This could\npossibly lead to an attacker executing arbitrary commands with\npermissions of the Kibana process on the host system.\n\nImpact\n======\n\nAn authenticated malicious user can disclose sensitive information or\nexecute arbitrary code.\n\nReferences\n==========\n\nhttps://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077\nhttps://security.archlinux.org/CVE-2019-7608\nhttps://security.archlinux.org/CVE-2019-7609\nhttps://security.archlinux.org/CVE-2019-7610", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-02-25T00:00:00", "type": "archlinux", "title": "[ASA-201902-26] kibana: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7608", "CVE-2019-7609", "CVE-2019-7610"], "modified": "2019-02-25T00:00:00", "id": "ASA-201902-26", "href": "https://security.archlinux.org/ASA-201902-26", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:40:51", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains updates to kibana in Red Hat OpenShift Container Platform 4.1.18.\n\nSecurity Fix(es):\n\n* kibana: Cross-site scripting vulnerability permits perform destructive actions on behalf of other Kibana users (CVE-2019-7608)\n\n* kibana: Arbitrary code execution flaw in the Timelion visualizer (CVE-2019-7609)\n\n* kibana: Audit logging Remote Code Execution issue (CVE-2019-7610)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-09-27T01:30:02", "type": "redhat", "title": "(RHSA-2019:2860) Important: OpenShift Container Platform 4.1.18 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7608", "CVE-2019-7609", "CVE-2019-7610"], "modified": "2019-09-27T01:33:35", "id": "RHSA-2019:2860", "href": "https://access.redhat.com/errata/RHSA-2019:2860", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:32:32", "description": "Kibana is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "openvas", "title": "Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7610", "CVE-2019-7609", "CVE-2019-7608"], "modified": "2019-03-27T00:00:00", "id": "OPENVAS:1361412562310112542", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112542", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions excerpted from a referenced source are Copyright (C)\n# of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112542\");\n script_version(\"2019-03-27T11:28:39+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-27 11:28:39 +0000 (Wed, 27 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-27 11:58:11 +0100 (Wed, 27 Mar 2019)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2019-7608\", \"CVE-2019-7609\", \"CVE-2019-7610\");\n\n script_name(\"Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 Multiple Vulnerabilities (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/Installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Kibana is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - A cross-site scripting (XSS) vulnerability (CVE-2019-7608).\n\n - An arbitrary code execution flaw in the Timelion visualizer (CVE-2019-7609).\n\n - An arbitrary code execution flaw in the security audit logger (CVE-2019-7610).\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to obtain sensitive information\n from or perform destructive actions on behalf of other Kibana users.\n\n Furthermore an attacker with access to the Timelion application could send a request that will attempt to execute javascript code.\n This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.\n\n Additionally if a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt\n to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process\n on the host system.\");\n script_tag(name:\"affected\", value:\"Kibana versions before 5.6.15 and 6.0.0 before 6.6.1.\");\n script_tag(name:\"solution\", value:\"Update to version 5.6.15 or 6.6.1 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077\");\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:elasticsearch:kibana\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) ) exit( 0 );\n\nversion = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"5.6.15\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.6.15\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"6.0.0\", test_version2: \"6.6.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.6.1\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:32", "description": "Kibana is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "openvas", "title": "Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7610", "CVE-2019-7609", "CVE-2019-7608"], "modified": "2019-03-27T00:00:00", "id": "OPENVAS:1361412562310112543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112543", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions excerpted from a referenced source are Copyright (C)\n# of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112543\");\n script_version(\"2019-03-27T11:28:39+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-27 11:28:39 +0000 (Wed, 27 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-27 11:58:11 +0100 (Wed, 27 Mar 2019)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2019-7608\", \"CVE-2019-7609\", \"CVE-2019-7610\");\n\n script_name(\"Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 Multiple Vulnerabilities (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/Installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Kibana is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - A cross-site scripting (XSS) vulnerability (CVE-2019-7608).\n\n - An arbitrary code execution flaw in the Timelion visualizer (CVE-2019-7609).\n\n - An arbitrary code execution flaw in the security audit logger (CVE-2019-7610).\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to obtain sensitive information\n from or perform destructive actions on behalf of other Kibana users.\n\n Furthermore an attacker with access to the Timelion application could send a request that will attempt to execute javascript code.\n This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.\n\n Additionally if a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt\n to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process\n on the host system.\");\n script_tag(name:\"affected\", value:\"Kibana versions before 5.6.15 and 6.0.0 before 6.6.1.\");\n script_tag(name:\"solution\", value:\"Update to version 5.6.15 or 6.6.1 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077\");\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:elasticsearch:kibana\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) ) exit( 0 );\n\nversion = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"5.6.15\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.6.15\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"6.0.0\", test_version2: \"6.6.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.6.1\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "myhack58": [{"lastseen": "2019-03-30T00:37:10", "description": "On Wednesday, Cisco Systems Inc. posted a 26 the patch, including its IOS-XE operating system and two small business RV320 and RV325 router of bug fixes. A total of 19 vulnerabilities is Cisco rated the severity level, other vulnerabilities were rated medium level. In the high severity vulnerabilities, 15 with the Cisco Internet[operating system](<http://www.myhack58.com/Article/48/Article_048_1.htm>)\uff08IOS XE correlation, which runs on Cisco network devices, such as switches, controllers and routers. Vulnerability types include privilege escalation, injection and denial of service vulnerabilities.\n\nCisco also released four other vulnerability information, including: Moodle mybackpack features server-side request forgery vulnerability, CVE-2019-3809, may allow a remote, unauthenticated attacker on the target system for the server-side request forgery attacks; in the Elastic Kibana security audit logger, found a second serious vulnerability that could lead to arbitrary code execution\uff08CVE-2019-7610; the Python urllib security bypass vulnerability, CVE-2019-9948; the Elastic Kibana Timelion Visualizer arbitrary code execution vulnerability, CVE-2019-7609-in.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-03-30T00:00:00", "title": "Cisco release a lot of patches, fixes IOS XE, and small business routing vulnerability-vulnerability warning-the black bar safety net", "type": "myhack58", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3809", "CVE-2019-7610", "CVE-2019-7609", "CVE-2019-9948"], "modified": "2019-03-30T00:00:00", "id": "MYHACK58:62201993420", "href": "http://www.myhack58.com/Article/html/3/62/2019/93420.htm", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2020-03-08T12:01:01", "description": "UDPATE\n\nCisco Systems issued [24 patches Wednesday](<https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities>) tied to vulnerabilities in its IOS XE operating system and warned customers that two small business routers (RV320 and RV325) are vulnerable to attack and that no patches are available for either. A total of 19 of the bugs were rated high severity by Cisco, with the others rated medium.\n\nThe two router vulnerabilities are rated high and are part of Cisco\u2019s Dual Gigabit WAN VPN RV320 and RV325 line of small business routers. Both router flaws were first patched in January, however Cisco said on Wednesday that both patches were \u201cincomplete\u201d and that both routers were still vulnerable to attack. It added in both cases that, \u201cfirmware updates that address [these vulnerabilities] are not currently available.\u201d It added there are no workarounds that address either vulnerability.\n\nOne of the router flaws ([CVE-2019-1652](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject>)) is a command injection vulnerability \u201cdue to improper validation of user-supplied input,\u201d Cisco wrote. The bug could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.\n\nThe second router bug ([CVE-2019-1653](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info>)) is an information disclosure vulnerability also impacting Cisco Small Business RV320 and RV325 routers. \u201cA vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information,\u201d Cisco wrote.\n\n**IOS XE Bugs**\n\nOf the high severity vulnerabilities 15 were tied to Cisco\u2019s Internetworking Operating System (IOS) XE, which runs on Cisco networking gear such as its switches, controllers and routers. Bugs ranged from privilege escalation, injection and denial of service vulnerabilities.\n\nOne bug ([CVE-2019-1745](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xecmd>)) is a Cisco IOS XE software command injection vulnerability. According to Cisco, the vulnerability could be exploited by a local adversary that could inject arbitrary commands into the OS that are executed with elevated privileges.\n\n\u201cThe vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device,\u201d wrote Cisco.\n\nThe two command injection patches ([CVE-2019-1756](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject>), [CVE-2019-1755](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject>)) allow a remote authenticated attacker to execute commands on devices running the vulnerable Cisco IOS XE software.\n\n\u201cThe vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI,\u201d Cisco said of CVE-2019-1756.\n\n**Four Critical Non-Cisco Bugs Also Reported **\n\nAs part of its flurry of patch announcements, Cisco also posted information regarding four vulnerabilities rated critical for non-Cisco products. The critical bugs include:\n\nMoodle mybackpack functionality server side request forgery vulnerability ([CVE-2019-3809](<https://tools.cisco.com/security/center/viewAlert.x?alertId=59842>)) that could allow an unauthenticated, remote attacker to conduct a server side request forgery attack on a targeted system.\n\nA second critical vulnerability was found in Elastic Kibana Security Audit Logger that could lead to an arbitrary code execution ([CVE-2019-7610](<https://tools.cisco.com/security/center/viewAlert.x?alertId=59833>)).\n\nCisco also reported a Python urllib security bypass vulnerability ([CVE-2019-9948](<https://tools.cisco.com/security/center/viewAlert.x?alertId=59825>)) and a Elastic Kibana Timelion Visualizer arbitrary code execution vulnerability ([CVE-2019-7609](<https://tools.cisco.com/security/center/viewAlert.x?alertId=59832>)).\n\n_(This article was updated at 11pm EDT 3/27 to reflect more accurately a lack of patches available for the Cisco RV320 and RV325 routers)_\n", "cvss3": {}, "published": "2019-03-27T21:48:15", "type": "threatpost", "title": "Cisco Releases Flood of Patches for IOS XE, But Leaves Some Routers Open to Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-1652", "CVE-2019-1653", "CVE-2019-1745", "CVE-2019-1755", "CVE-2019-1756", "CVE-2019-3809", "CVE-2019-7609", "CVE-2019-7610", "CVE-2019-9948"], "modified": "2019-03-27T21:48:15", "id": "THREATPOST:0B3F568CF532B4D11A2D561F09E1490F", "href": "https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}