CVE-2019-12929OS Command Injection in Qemu

CWE-78OS Command InjectionCWE-668Resource Exposure8 documents6 sources
Severity
9.8CRITICALNVD
EPSS
3.4%
top 12.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
QemuDebian Qemu
Timeline
PublishedJun 24
Latest updateMay 24

Description

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDqemu/qemu4.0.0
debiandebian/qemu

🔴Vulnerability Details

2
GHSA
GHSA-mmfj-9vc2-fw9p: The QMP guest_exec command in QEMU 42022-05-24
OSV
CVE-2019-12929: The QMP guest_exec command in QEMU 42019-06-24

📋Vendor Advisories

2
Red Hat
QEMU: guest agent guest_exec command execution2019-06-06
Debian
CVE-2019-12929: qemu - The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command inje...2019

💬Community

3
Bugzilla
CVE-2019-12929 qemu: QEMU guest agent guest_exec command execution [epel-7]2019-06-27
Bugzilla
CVE-2019-12929 qemu: QEMU guest agent guest_exec command execution [fedora-all]2019-06-27
Bugzilla
CVE-2019-12929 QEMU: guest agent guest_exec command execution2019-06-27