CVE-2019-19019

An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.

CVSS v3 7.5 HIGH
CVSS v2.0 8.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://write-up.github.io/webtitan/	Exploit Third Party Advisory
https://www.webtitan.com/resources/product-updates/	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:titanhq:webtitan:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-02 17:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-19019

Mitre link : CVE-2019-19019

CVE.ORG link : CVE-2019-19019

JSON object : View

Products Affected

titanhq

webtitan

CWE

CWE-346

Origin Validation Error

{"id": "CVE-2019-19019", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2019-12-02T17:15:13.000", "references": [{"url": "https://write-up.github.io/webtitan/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.webtitan.com/resources/product-updates/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product."}, {"lang": "es", "value": "Se detect\u00f3 un problema en TitanHQ WebTitan versiones anteriores a 5.18. Contiene un problema de Ejecuci\u00f3n de C\u00f3digo Remota por medio del cual un atacante puede ejecutar c\u00f3digo arbitrario como root. El problema proviene del mecanismo de descarga del parche en caliente (hotfix), que descarga un script de shell por medio de HTTP y luego lo ejecuta como root. Esto es similar a CVE-2019-6800 pero para un producto diferente."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:titanhq:webtitan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9818BB67-8F78-48F0-9587-7C6CB96494B4", "versionEndExcluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}