CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

CVSS v3 5.6 MEDIUM
CVSS v2.0 4.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0216	Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0218	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905	Issue Tracking Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0216	Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0218	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905	Issue Tracking Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:ansible_engine::::::::
	cpe:2.3:a:redhat:ansible_engine::::::::
	cpe:2.3:a:redhat:ansible_engine::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:ansible_tower:3.0.0:::::::*
	cpe:2.3:a:redhat:ceph_storage:3.0:::::::*
	cpe:2.3:a:redhat:cloudforms_management_engine:5.0:::::::*
	cpe:2.3:a:redhat:openstack:13:::::::*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*

History

21 Nov 2024, 04:27

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html - Mailing List, Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2020:0216 - Patch, Vendor Advisory~~	() https://access.redhat.com/errata/RHSA-2020:0216 - Patch, Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2020:0218 - Patch, Vendor Advisory~~	() https://access.redhat.com/errata/RHSA-2020:0218 - Patch, Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905 - Issue Tracking, Patch, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905 - Issue Tracking, Patch, Vendor Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/ -

02 Nov 2021, 18:09

Type	Values Removed	Values Added
CPE		cpe:2.3:a:opensuse:backports_sle:15.0:sp1:::::: cpe:2.3:o:opensuse:leap:15.1:::::::*
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html - Mailing List, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html - Mailing List, Third Party Advisory
CWE	~~CWE-610~~	CWE-668

04 Aug 2021, 17:14

Type	Values Removed	Values Added
CPE	cpe:2.3:a:redhat:openstack:13.0:::::::*	cpe:2.3:a:redhat:openstack:13:::::::*

Information

Published : 2020-03-31 17:15

Updated : 2024-11-21 04:27

NVD link : CVE-2019-14905

Mitre link : CVE-2019-14905

CVE.ORG link : CVE-2019-14905

JSON object : View

Products Affected

fedoraproject

fedora

opensuse

backports_sle
leap

redhat

cloudforms_management_engine
ansible_tower
ceph_storage
ansible_engine
openstack

CWE

CWE-20

Improper Input Validation

CWE-73

External Control of File Name or Path

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2019-14905", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.3, "exploitabilityScore": 1.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 0.8}]}, "published": "2020-03-31T17:15:26.013", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0216", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0218", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0216", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0218", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-73"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en Ansible Engine versiones 2.9.x anteriores a 2.9.3, versiones 2.8.x anteriores a 2.8.8, versiones 2.7.x anteriores a 2.7.16 y anteriores, donde en el m\u00f3dulo nxos_file_copy de Ansible puede ser usado para copiar archivos a una flash o bootflash en dispositivos NXOS. Un c\u00f3digo malicioso podr\u00eda dise\u00f1ar el par\u00e1metro filename para llevar a cabo inyecciones de comandos de Sistema Operativo. Esto podr\u00eda resultar en una p\u00e9rdida de confidencialidad del sistema, entre otros problemas."}], "lastModified": "2024-11-21T04:27:39.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADF59B59-9254-4341-BC7A-BF981BAEF192", "versionEndExcluding": "2.7.16", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B727C825-657A-4922-BD90-0929ADCB9301", "versionEndExcluding": "2.8.8", "versionStartIncluding": "2.8.0"}, {"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B384E395-651E-45AE-BC49-850BBC85C115", "versionEndExcluding": "2.9.3", "versionStartIncluding": "2.9.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_tower:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "834EEDDD-5071-4D2E-A66E-4DC017A2C8D1"}, {"criteria": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "516F4E8E-ED2F-4282-9DAB-D8B378F61258"}, {"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7098B44F-56BF-42E3-8831-48D0A8E99EE2"}, {"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.6 /10