CVE-2019-5443

{"id": "CVE-2019-5443", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-07-02T19:15:10.790", "references": [{"url": "http://www.openwall.com/lists/oss-security/2019/06/24/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "http://www.securityfocus.com/bid/108881", "tags": ["Broken Link"], "source": "support@hackerone.com"}, {"url": "https://curl.haxx.se/docs/CVE-2019-5443.html", "tags": ["Patch", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20191017-0002/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl \"engine\") on invocation. If that curl is invoked by a privileged user it can do anything it wants."}, {"lang": "es", "value": "Un usuario o programa no privilegiado puede colocar un c\u00f3digo y un archivo de configuraci\u00f3n en una ruta (path) no privilegiada conocida (bajo C:/usr/local/) que har\u00e1 que curl anterior a versi\u00f3n 7.65.1 incluy\u00e9ndola, ejecute autom\u00e1ticamente el c\u00f3digo en la invocaci\u00f3n (como un \"engine\" openssl). Si ese curl es invocado por un usuario privilegiado, este puede hacer lo que desee."}], "lastModified": "2021-11-03T18:21:51.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22551EE7-6395-4539-981E-034E01D82A76", "versionEndIncluding": "7.65.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24"}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43"}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C"}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52A7407B-96A0-4B45-A7EC-5D99A5828AC8", "versionEndIncluding": "5.7.27", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B89DD070-1301-4EF9-B46E-7F7D7F2A7A0E", "versionEndIncluding": "8.0.17", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8252A7F5-2FB5-4E73-864D-D11F21F5EC56"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84", "versionStartIncluding": "7.3"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "37C50706-4EB7-4AC0-BFE2-B3929F79B5D7", "versionStartIncluding": "9.5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}