CVE-2019-10068 - OpenCVE

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kentico	Kentico

Configuration 1 [-]

OR	cpe:2.3:a:kentico:kentico::::::::
	cpe:2.3:a:kentico:kentico::::::::
	cpe:2.3:a:kentico:kentico::::::::
	cpe:2.3:a:kentico:kentico::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
https://devnet.kentico.com/download/hotfixes#securityBugs-v12

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-26T17:43:23

Updated: 2024-08-04T22:10:09.506Z

Reserved: 2019-03-26T00:00:00

Link: CVE-2019-10068

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-26T18:29:00.403

Modified: 2024-07-16T17:54:02.577

Link: CVE-2019-10068

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-06T16:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://devnet.kentico.com/download/hotfixes#securityBugs-v12"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-10068", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://devnet.kentico.com/download/hotfixes#securityBugs-v12", "refsource": "MISC", "url": "https://devnet.kentico.com/download/hotfixes#securityBugs-v12"}, {"name": "http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:10:09.506Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://devnet.kentico.com/download/hotfixes#securityBugs-v12"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-10068", "datePublished": "2019-03-26T17:43:23", "dateReserved": "2019-03-26T00:00:00", "dateUpdated": "2024-08-04T22:10:09.506Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Kentico Xperience Deserialization of Untrusted Data Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E8132C-9BF6-4D06-A1C9-66CA75A4D6CB", "versionEndIncluding": "9.0.51", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F0A2B8-0D3C-4A71-96E1-EE2F713342BE", "versionEndExcluding": "10.0.52", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*", "matchCriteriaId": "513018EA-C0CA-444A-88D9-0F00CC28CD5B", "versionEndExcluding": "11.0.48", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*", "matchCriteriaId": "26AC7D81-C6A1-4B78-8F0E-D448C87DA3B1", "versionEndExcluding": "12.0.15", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Kentico 12.0.x anterior a la versi\u00f3n 12.0.15, 11.0.x antes de 11.0.48, 10.0.x antes de 10.0.52 y versiones 9.x. Debido a un fallo al validar los encabezados de seguridad, fue posible que una solicitud especialmente dise\u00f1ada para el servicio de preparaci\u00f3n omitiera la autenticaci\u00f3n inicial y procediera a deserializar la entrada de objetos .NET controlada por el usuario. Esta deserializaci\u00f3n condujo a una ejecuci\u00f3n remota de c\u00f3digo no autenticada en el servidor donde estaba alojada la instancia de Kentico."}], "id": "CVE-2019-10068", "lastModified": "2024-07-16T17:54:02.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-26T18:29:00.403", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://devnet.kentico.com/download/hotfixes#securityBugs-v12"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}