Command injection

2019-06-1916:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

42.0%

JSON

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.

CPENameOperatorVersion
onappeq6.0 update-62
onappeq6.0 update-80
onappeq6.0 update-98
onappeq6.0 update-122
onappeq6.0 update-152
onappeq6.0 update-159
onappeq5.0.0
onappeq5.0.0 update-79
onappeq5.0.0 update-82
onappeq5.0.0 update-83

Name	Operator	Version
onapp	eq	6.0 update-62
onapp	eq	6.0 update-80
onapp	eq	6.0 update-98
onapp	eq	6.0 update-122
onapp	eq	6.0 update-152
onapp	eq	6.0 update-159
onapp	eq	5.0.0
onapp	eq	5.0.0 update-79
onapp	eq	5.0.0 update-82
onapp	eq	5.0.0 update-83