cbcvebase.
CVE-2019-17503
published 2019-10-11

CVE-2019-17503: An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd)…

PriorityP180medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
49.24%
98.7th percentile
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.

Affected

1 ranges
VendorProductVersion rangeFixed in
kironadynamic_resource_scheduling

Detection & IOCsextracted from sources · hover to see the quote

path/osm/REGISTER.cmd
path/osm_tiles/REGISTER.cmd
filenameREGISTER.cmd
otherDEBUGMAPSCRIPT=TRUE
  • Send an unauthenticated HTTP GET request to /osm/REGISTER.cmd and /osm_tiles/REGISTER.cmd; a vulnerable server returns HTTP 200 with a response body containing both '@echo off' and 'DEBUGMAPSCRIPT=TRUE', indicating the batch file is publicly accessible.
  • The exposed REGISTER.cmd file reveals MySQL credentials and connection parameters via environment variables (%MYSQL_LOGIN%, %MYSQL_PASSWORD%, %MYSQL_TCP_PORT%) embedded in plaintext SQL invocation lines, enabling further database compromise.
  • Use the Shodan dork '/opt-portal/pages/login.xhtml' to identify internet-exposed Kirona DRS instances that may be vulnerable.
  • The vulnerable server response includes the header 'X-Powered-By: PHP/5.6.14' and 'Server: Apache', which can help fingerprint affected installations.
  • ·The Nuclei template issues two requests (to both /osm/REGISTER.cmd and /osm_tiles/REGISTER.cmd) since either path alias may be accessible depending on server configuration.

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.