CVE-2019-12491
Published Jun 19, 2019
Last updated 4 years ago
Overview
- Description
- OnApp versions before 5.0.0-88, before 5.5.0-93, and before 6.0.0-196 allow an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability, an attacker must control a single server on a given cloud (e.g., by renting one). From that server, the attacker can craft any command and trigger the OnApp platform to execute it with root privileges on a target server.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.6
- Impact score
- 5.9
- Exploitability score
- 0.7
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 8.5
- Impact score
- 10
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:onapp:onapp:5.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69BF3143-8278-44A5-BB1E-8462AFAE6287" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.0.0:update_79:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87B6C40F-79D8-4F42-826B-A17EE058F840" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.0.0:update_82:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A1B417A-3F71-4C50-A401-22BEA5B9900D" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.0.0:update_83:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF369ABD-A067-4F88-9701-B1D29D8C9C8C" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.0.0:update_87:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B7F41F4-D1A1-4D96-A34F-4DD9CC5BFF88" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CDD6842-61D8-45F8-8E09-59C879EFFA57" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.1.0:update_16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78A46C1B-EBD7-4F55-BDFB-2C5FE3346645" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C410DD-DDDB-494B-85AA-D57E7C2EEF5A" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.3.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58733EB6-0FD5-44FE-A945-EF1C51DEB393" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.3.0:update_41:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51A425DD-0C54-4A4E-8C19-584B79A40EC0" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.4.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC8502AE-F953-4F55-86A0-42778C3ADD47" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.4.0:update_66:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E1DE84C-797A-4D82-B720-4974D9913FAC" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.4.0:update_70:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A0F175-D2B5-43EA-9C96-F744A5E65D54" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.4.0:update_72:*:*:*:*:*:*", 
"vulnerable": true, "matchCriteriaId": "E36D51F2-239B-4811-85B7-08B9DAE6E5F5" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.4.0:update_76:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEB6DAEB-849F-45B6-9DED-D62C51BFF98E" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.4.0:update_82:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77D77706-2F27-4627-BD2F-C62864A34299" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.4.0:update_84:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01D036DF-93D1-47A4-A777-883BEDF98B30" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "975A8215-3F78-4DF2-BC87-29AB082BD61A" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_50:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEA161ED-B632-4C8B-8E25-D2E1F36C3E9B" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_59:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9ED8855-F152-4D49-B46B-7280DE737D6C" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_65:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C5A9584-2CBA-41C0-BADF-9D3670D2CBD1" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_75:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFD915B0-7AD7-4D5F-A403-CDCDF1944A54" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_80:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF1AC10E-BA79-4004-8282-492A3177F689" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_83:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FDD17AA-5692-4436-BC02-AAF19D557465" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_87:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28C048A2-0D03-493B-960F-47BA7BC02D36" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_90:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAD77CE0-0772-4826-A30A-A1452BD1205B" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.5.0:update_92:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C337521B-6DFF-4447-9FA0-FDCC5F6A19F1" }, { 
"criteria": "cpe:2.3:a:onapp:onapp:5.6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F5CC2B4-3D43-4288-B3D1-AE60056AEFAD" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.6.0:update_83:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9B4D1BD-054A-4063-A7F4-2B7671A6ADD9" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FE7B614-42CC-4DDF-AE9B-DE63C0B2086C" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.8.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E571EC0-2A81-4043-A4C6-6B99D23B1894" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.9.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0432345-33B6-4513-8F10-A858722C85BC" }, { "criteria": "cpe:2.3:a:onapp:onapp:5.10.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CA56794-CDBC-4F05-8250-4050C00053B1" }, { "criteria": "cpe:2.3:a:onapp:onapp:6.0:update_122:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D796CB9-2C7C-4A26-BE66-3E0F5EAF2827" }, { "criteria": "cpe:2.3:a:onapp:onapp:6.0:update_152:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B76B395-3E2E-4DEC-A0F0-74BDA785D23C" }, { "criteria": "cpe:2.3:a:onapp:onapp:6.0:update_159:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "180E2DE5-6885-4C68-B07B-404AF16B4182" }, { "criteria": "cpe:2.3:a:onapp:onapp:6.0:update_62:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CABB0B6-CE8C-47F1-A392-97FA4A4A4B7B" }, { "criteria": "cpe:2.3:a:onapp:onapp:6.0:update_80:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DC4588B-6E6D-457D-B895-34D3E63CDA3F" }, { "criteria": "cpe:2.3:a:onapp:onapp:6.0:update_98:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7992AA07-B6C1-474F-A07B-52E8C175A91C" }, { "criteria": "cpe:2.3:a:onapp:onapp:6.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB1227A4-F5A2-49DF-A689-F0AD5FF759D8" } ], "operator": "OR" } ] } ]