CVE-2019-17562: Buffer Overflow
First published: Thu May 14 2020(Updated: )
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CloudStack | <4.13.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-17562?
CVE-2019-17562 is considered a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2019-17562?
To fix CVE-2019-17562, upgrade Apache CloudStack to version 4.13.1 or later.
What versions of Apache CloudStack are affected by CVE-2019-17562?
CVE-2019-17562 affects all versions of Apache CloudStack prior to 4.13.1.
What component is vulnerable in CVE-2019-17562?
The vulnerable component in CVE-2019-17562 is the baremetal part of Apache CloudStack.
What is the cause of the vulnerability in CVE-2019-17562?
The cause of CVE-2019-17562 is a buffer overflow due to the lack of validation of the mac parameter in the baremetal virtual router.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/apache
- canonical/apache cloudstack