Vulnerability CVE-2019-10068

Published: 2019-03-26

Description:
An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.

Type: CWE-502 (Deserialization of Untrusted Data)

Vendor: Kentico
Product: Kentico
Affected versions (partial list, as recorded on this page):
9.0.9
9.0.8
9.0.7
9.0.6
9.0.51
9.0.50
9.0.5
9.0.49
9.0.48
9.0.47
9.0.46
9.0.45
9.0.44
9.0.43
9.0.42
9.0.41
9.0.40
9.0.4
9.0.39
9.0.38
9.0.37
9.0.36
9.0.35
9.0.34
9.0.33
9.0.32.1
9.0.31
9.0.30
9.0.3
9.0.29
9.0.28
9.0.27
9.0.26
9.0.25
9.0.24
9.0.23
9.0.22
9.0.21
9.0.20
9.0.2
9.0.19
9.0.18
9.0.17
9.0.16
9.0.15
9.0.14
9.0.13
9.0.12
9.0.11
9.0.10
9.0.1
9.0.0.1
9.0.0
8.2.7
8.2.6
8.2.50
8.2.5
8.2.49
8.2.48
8.2.47
8.2.46
8.2.45
8.2.44
8.2.43
8.2.42
8.2.41
8.2.40
8.2.4
8.2.39
8.2.38
8.2.37
8.2.36
8.2.35
8.2.34
8.2.33
8.2.30
8.2.3
8.2.29
8.2.28
8.2.27
8.2.26
8.2.25
8.2.24
8.2.23
8.2.22
8.2.21
8.2.20
8.2.2
8.2.19
8.2.18
8.2.17
8.2.16
8.2.15
8.2.14
8.2.13
8.2.12
8.2.11
8.2.10
8.2.1
8.1.9
(The list above is truncated; the full set of affected versions is recorded in the NVD entry for this CVE.)

CVSS2 vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
https://devnet.kentico.com/download/hotfixes#securityBugs-v12

Related CVEs:

CVE-2019-12102: Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI.

CVE-2019-6242: ** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix ...

CVE-2015-7823: Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.

CVE-2015-7822: Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the...

Copyright 2019, cxsecurity.com