CVE-2019-7669
published 2019-07-01CVE-2019-7669: Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to…
PriorityP267high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
31.42%
98.1th percentile
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| primasystems | flexair | <= 2.3.38 | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xjxr-9f3w-9hc2: Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote Code Execution
ghsa_unreviewed·2022-05-24
CVE-2019-7669 [CRITICAL] CWE-434 GHSA-xjxr-9f3w-9hc2: Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote Code Execution
Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote Code Execution.
CISA ICS
Prima Systems FlexAir
cisa_ics·2019-07-30·CVSS 7.2
[HIGH] Prima Systems FlexAir
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Prima Systems FlexAir
Last RevisedJuly 30, 2019
Alert CodeICSA-19-211-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Prima Systems
- Equipment: FlexAir
- Vulnerabilities: OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, Use of Hard-coded Credentials
## 2. RISK EVALUATION
Exploitation of these vulnerabilities may allow an attacke
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
bugzilla·2019-03-25·CVSS 7.5
CVE-2019-8322 [HIGH] CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
Upstream patch:
https://bugs.ruby-lang.org/attachments/7669
References:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
Discussion:
Created rubygems tracking bugs for this issue:
Affects: fedora-all [bug 1692530]
---
Flaw is in owner_command.rb
```ruby
with_response response do |resp|
owners = Gem::SafeYAML.load clean_text(resp.body)
say "Owners for gem: #{name}"
owners.each do |o
Bugzilla
CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
bugzilla·2019-03-25·CVSS 7.5
CVE-2019-8325 [HIGH] CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Upstream patch:
https://bugs.ruby-lang.org/attachments/7669
References:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
Discussion:
Created rubygems tracking bugs for this issue:
Affects: fedora-all [bug 1692530]
---
Flaws are from lib/rubygems/command_manager.rb in the changeset.
As an example:
```
alert_error "While executing gem ... (#{ex.class})\n #{ex}"
```
to
```
alert_error clean_text("
Bugzilla
CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
bugzilla·2019-03-25·CVSS 7.5
CVE-2019-8323 [HIGH] CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
Upstream patch:
https://bugs.ruby-lang.org/attachments/7669
References:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
Discussion:
Created rubygems tracking bugs for this issue:
Affects: fedora-all [bug 1692530]
---
Flaws are in gemcutter_utilities.rb
One example:
```ruby
if block_given? then
yield response
else
say response.body
```
---
This issue ha
http://packetstormsecurity.com/files/155270/FlexAir-Access-Control-2.3.38-Command-Injection.htmlhttps://applied-risk.com/labs/advisorieshttps://www.applied-risk.com/resources/ar-2019-007https://www.us-cert.gov/ics/advisories/icsa-19-211-02http://packetstormsecurity.com/files/155270/FlexAir-Access-Control-2.3.38-Command-Injection.htmlhttps://applied-risk.com/labs/advisorieshttps://www.applied-risk.com/resources/ar-2019-007https://www.us-cert.gov/ics/advisories/icsa-19-211-02
2019-07-01
Published