Vulnerability Report

CVE-2019-3567

Title: Linuxfoundation Osquery

Other

Proof Of Concept

No public PoC currently indexed for CVE-2019-3567.

CWE Category CWE-59

Published Date Jun 03, 2019

Modified Date Nov 21, 2024

Exploit Status Not Found

Score 8.1 CVSS v3.0

Exploit Probability (EPSS)

0.43%

Vulnerability Summary

CVE-2019-3567: In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0.

Impacted Vendors

linuxfoundation 1

Reference Links

https://www.facebook.com/security/advisories/cve-2019-3567 https://www.facebook.com/security/advisories/cve-2019-3567

CVSS v3.0

Source Entity [email protected]

Severity HIGH

8.1

Attack Vector

NETWORK

Complexity

HIGH

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2019-3567 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

November 21, 2024 MODIFIED

Vulnerability data or affected products updated.

June 03, 2019 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity HIGH

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.