nvd-json-data-feeds/CVE-2019/CVE-2019-54xx/CVE-2019-5414.json

{
  "id": "CVE-2019-5414",
  "sourceIdentifier": "support@hackerone.com",
  "published": "2019-03-21T16:01:05.437",
  "lastModified": "2019-10-09T23:50:49.823",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2."
    },
    {
      "lang": "es",
      "value": "Si un atacante puede controlar el puerto, que en s\u00ed mismo es un valor muy sensible, puede inyectar comandos arbitrarios del sistema operativo debido al uso de la funci\u00f3n exec en un m\u00f3dulo kill-port de terceros."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    },
    {
      "source": "support@hackerone.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:kill-port_project:kill-port:*:*:*:*:*:node.js:*:*",
              "versionEndExcluding": "1.3.2",
              "matchCriteriaId": "00C38BD4-75FE-42E6-8514-0D513C09211E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://hackerone.com/reports/389561",
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}