Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-12928: OS Command Injection in QEMU

Severity: 9.8 CRITICAL (NVD)
EPSS: 54.1% (top 1.98%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jun 24
Latest update: May 24

Description

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows a remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue, since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a TCP socket open to the internet, then it is an insecure configuration issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: qemu/qemu 4.0.0
Debian: debian/qemu

🔴 Vulnerability Details (2)

GHSA: GHSA-pwcf-p9qx-3948: The QMP migrate command in QEMU version 4 (2022-05-24)
OSV: CVE-2019-12928: The QMP migrate command in QEMU version 4 (2019-06-24)

💥 Exploits & PoCs (1)

Metasploit: QEMU Monitor HMP 'migrate' Command Execution

📋 Vendor Advisories (2)

Red Hat: QEMU: QMP migrate command execution issue (2019-06-05)
Debian: CVE-2019-12928: qemu - The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS co... (2019)

💬 Community (3)

Bugzilla: CVE-2019-12928 QEMU: QMP migrate command execution issue (2019-06-27)
Bugzilla: CVE-2019-12928 qemu: QEMU machine protocol migrate command execution [fedora-all] (2019-06-27)
Bugzilla: CVE-2019-12928 qemu: QEMU machine protocol migrate command execution [epel-7] (2019-06-27)