CVE-2019-17562

CWE-119 — Buffer Overflow CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICAL

EPSS

1.9%

top 16.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Cloudstack

Timeline

PublishedMay 14

Latest updateMay 24

Description

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this iss…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDapache/cloudstack< 4.13.1.0

▶CVEListV5apache_cloudstackApache CloudStack all versions up to 4.13.0.0

🔴Vulnerability Details

GHSA

GHSA-2x2h-mgrr-fp68: A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack↗2022-05-24

▶

CVEList

CVE-2019-17562: A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack↗2020-05-14

▶