The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution,…
mitre·CWE-78·Published 2019-06-24
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
**EN DISPUTA** El comando QMP guest_exec en QEMU versión 4.0.0 y anteriores es propenso a la inyección de comandos del sistema operativo, lo que permite al atacante remoto lograr la ejecución de código, una denegación de servicio, o la divulgación de información mediante el envío de un comando QMP manipulado al servidor de escucha. Nota: Está siendo discutida por no ser un problema ya que la interfaz -qmp de QEMU está destinada a ser utilizada por usuarios de confianza. Si uno puede acceder a esta interfaz a través de un socket TCP abierto a Internet, entonces es un problema de configuración inseguro.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 10.0 | 10.0 | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| 3.0 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |