CVE-2019-12491

Published: 19/06/2019 Updated: 21/06/2019
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.6 | Impact Score: 5.9 | Exploitability Score: 0.7
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

OnApp prior to 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows a malicious user to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability, an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.

Affected Products

Vendor | Product | Versions
Onapp | Onapp | 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 6.0, 6.0.0