CVE-2019-5443

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

CVSS v3 7.8 HIGH
CVSS v2.0 4.4 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2019/06/24/1	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/108881	Broken Link
https://curl.haxx.se/docs/CVE-2019-5443.html	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20191017-0002/	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/24/1	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/108881	Broken Link
https://curl.haxx.se/docs/CVE-2019-5443.html	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20191017-0002/	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:oss_support_tools:20.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::windows::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::vmware_vsphere::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*

History

21 Nov 2024, 04:44

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2019/06/24/1 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2019/06/24/1 - Mailing List, Patch, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/108881 - Broken Link~~	() http://www.securityfocus.com/bid/108881 - Broken Link
References	~~() https://curl.haxx.se/docs/CVE-2019-5443.html - Patch, Vendor Advisory~~	() https://curl.haxx.se/docs/CVE-2019-5443.html - Patch, Vendor Advisory
References	~~() https://security.netapp.com/advisory/ntap-20191017-0002/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20191017-0002/ - Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory~~	() https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory

03 Nov 2021, 18:21

Type	Values Removed	Values Added
CWE	~~CWE-94~~	CWE-427
CPE		cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::* cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::* cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::* cpe:2.3:a:oracle:mysql_server:::::::: cpe:2.3:a:netapp:oncommand_unified_manager::::::windows::* cpe:2.3:a:oracle:oss_support_tools:20.0:::::::* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::* cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:netapp:snapcenter:-:::::::* cpe:2.3:a:netapp:oncommand_unified_manager::::::vmware_vsphere::*
CVSS	v2 : ~~4.6~~ v3 : ~~7.8~~	v2 : 4.4 v3 : 7.8
References	~~(MISC) https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html -~~	(MISC) https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20191017-0002/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20191017-0002/ - Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory
References	~~(BID) http://www.securityfocus.com/bid/108881 - Third Party Advisory, VDB Entry~~	(BID) http://www.securityfocus.com/bid/108881 - Broken Link
References	~~(N/A) https://www.oracle.com/security-alerts/cpuapr2020.html -~~	(N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory

Information

Published : 2019-07-02 19:15

Updated : 2024-11-21 04:44

NVD link : CVE-2019-5443

Mitre link : CVE-2019-5443

CVE.ORG link : CVE-2019-5443

JSON object : View

Products Affected

netapp

oncommand_workflow_automation
oncommand_insight
oncommand_unified_manager
snapcenter

microsoft

windows

oracle

mysql_server
http_server
enterprise_manager_ops_center
oss_support_tools

haxx

curl

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2019-5443", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-07-02T19:15:10.790", "references": [{"url": "http://www.openwall.com/lists/oss-security/2019/06/24/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "http://www.securityfocus.com/bid/108881", "tags": ["Broken Link"], "source": "support@hackerone.com"}, {"url": "https://curl.haxx.se/docs/CVE-2019-5443.html", "tags": ["Patch", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20191017-0002/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "http://www.openwall.com/lists/oss-security/2019/06/24/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/108881", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://curl.haxx.se/docs/CVE-2019-5443.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20191017-0002/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl \"engine\") on invocation. If that curl is invoked by a privileged user it can do anything it wants."}, {"lang": "es", "value": "Un usuario o programa no privilegiado puede colocar un c\u00f3digo y un archivo de configuraci\u00f3n en una ruta (path) no privilegiada conocida (bajo C:/usr/local/) que har\u00e1 que curl anterior a versi\u00f3n 7.65.1 incluy\u00e9ndola, ejecute autom\u00e1ticamente el c\u00f3digo en la invocaci\u00f3n (como un \"engine\" openssl). Si ese curl es invocado por un usuario privilegiado, este puede hacer lo que desee."}], "lastModified": "2024-11-21T04:44:56.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22551EE7-6395-4539-981E-034E01D82A76", "versionEndIncluding": "7.65.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24"}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43"}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C"}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52A7407B-96A0-4B45-A7EC-5D99A5828AC8", "versionEndIncluding": "5.7.27", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B89DD070-1301-4EF9-B46E-7F7D7F2A7A0E", "versionEndIncluding": "8.0.17", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8252A7F5-2FB5-4E73-864D-D11F21F5EC56"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84", "versionStartIncluding": "7.3"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "37C50706-4EB7-4AC0-BFE2-B3929F79B5D7", "versionStartIncluding": "9.5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}

7.8 /10