Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-3567

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0.

Published

2019-06-03T19:29:01.987

Last Modified

2024-11-21T04:42:10.827

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	osquery	< 3.4.0	Yes

References

https://www.facebook.com/security/advisories/cve-2019-3567 Third Party Advisory ([email protected])
https://www.facebook.com/security/advisories/cve-2019-3567 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)