Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-12491

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.7%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 8.5
Products affected by CVE-2019-12491
  • Onapp » Onapp » Version: 5.0.0
    cpe:2.3:a:onapp:onapp:5.0.0
  • Onapp » Onapp » Version: 5.1.0
    cpe:2.3:a:onapp:onapp:5.1.0
  • Onapp » Onapp » Version: 5.10.0
    cpe:2.3:a:onapp:onapp:5.10.0
  • Onapp » Onapp » Version: 5.2.0
    cpe:2.3:a:onapp:onapp:5.2.0
  • Onapp » Onapp » Version: 5.3.0
    cpe:2.3:a:onapp:onapp:5.3.0
  • Onapp » Onapp » Version: 5.4.0
    cpe:2.3:a:onapp:onapp:5.4.0
  • Onapp » Onapp » Version: 5.5.0
    cpe:2.3:a:onapp:onapp:5.5.0
  • Onapp » Onapp » Version: 5.6.0
    cpe:2.3:a:onapp:onapp:5.6.0
  • Onapp » Onapp » Version: 5.7.0
    cpe:2.3:a:onapp:onapp:5.7.0
  • Onapp » Onapp » Version: 5.8.0
    cpe:2.3:a:onapp:onapp:5.8.0
  • Onapp » Onapp » Version: 5.9.0
    cpe:2.3:a:onapp:onapp:5.9.0
  • Onapp » Onapp » Version: 6.0
    cpe:2.3:a:onapp:onapp:6.0
  • Onapp » Onapp » Version: 6.0.0
    cpe:2.3:a:onapp:onapp:6.0.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved