CVE-2019-12929

ADVISORY - nist

Summary

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue

EPSS Score⁠: 0.03423 (0.875)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-668⁠

Exposure of Resource to Wrong Sphere

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADVISORY - redhat

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impacted images

Advisories

NIST

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2019-12929⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-668⁠CWE-78⁠

CVSS SCORE

9.8critical

Debian

CREATED

7 years ago

UPDATED

4 days ago

ADVISORY IDCVE-2019-12929⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

7 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2019-12929⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8low

Red Hat

CREATED

7 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2019-12929⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

N/Alow

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2019-12929⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY