CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/155273/Prima-Access-Control-2.3.35-Script-Upload-Remote-Code-Execution.html
https://applied-risk.com/index.php/download_file/view/199/165	Third Party Advisory
https://applied-risk.com/labs/advisories	Third Party Advisory
https://applied-risk.com/resources/ar-2019-007	Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Configurations

Configuration 1 (hide)

cpe:2.3:a:primasystems:flexair:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-05 18:29

Updated : 2019-07-31 16:15

NVD link : CVE-2019-9189

Mitre link : CVE-2019-9189

CVE.ORG link : CVE-2019-9189

JSON object : View

Products Affected

primasystems

flexair

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2019-9189", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-06-05T18:29:01.217", "references": [{"url": "http://packetstormsecurity.com/files/155273/Prima-Access-Control-2.3.35-Script-Upload-Remote-Code-Execution.html", "source": "cve@mitre.org"}, {"url": "https://applied-risk.com/index.php/download_file/view/199/165", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://applied-risk.com/labs/advisories", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://applied-risk.com/resources/ar-2019-007", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access."}, {"lang": "es", "value": "En los dispositivos Prima Systems FlexAir, versiones 2.4.9api3 y anteriores. La aplicaci\u00f3n permite la carga de scripts arbitrarios de Python al configurar el controlador central principal. Estos scripts pueden ejecutarse inmediatamente debido a la ejecuci\u00f3n del c\u00f3digo ra\u00edz, no como un usuario del servidor web, lo que permite que un atacante autenticado obtenga acceso completo al sistema."}], "lastModified": "2019-07-31T16:15:11.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:primasystems:flexair:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "175CBF56-BD66-48B3-A3AC-25B4FCD4F601", "versionEndIncluding": "2.3.38"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}