
Kibana - Remote Code Execution (CVE-2019-7609)

Severity
CVSSv3 Score
10
Exploitable with Sniper
Yes
Vulnerability description

Kibana is affected by a Remote Code Execution vulnerability. Kibana releases before 5.6.15, and 6.x releases before 6.6.1, contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application can send a request that causes Kibana to evaluate attacker-controlled JavaScript, which can lead to arbitrary commands being executed with the permissions of the Kibana process on the host system. The root cause is the combination of a prototype pollution flaw in Timelion with a reachable function in Kibana that spawns a new Node.js process: the polluted prototype properties are inherited by that child process, giving the attacker a gadget that turns property injection into code execution. Prototype pollution gadgets are especially dangerous in Node.js applications because the back end itself runs JavaScript, so a polluted Object.prototype is visible to every object the server creates.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Risk description

A remote attacker who can reach the Timelion application can fully compromise the Kibana server: read the data and credentials Kibana holds, install ransomware, or open a reverse shell. Because the affected releases have no built-in authentication unless X-Pack security or a reverse proxy is placed in front of Kibana, an internet-exposed instance is typically exploitable without any credentials.

Recommendation

Upgrade Kibana to 5.6.15 or 6.6.1 (or any later release). Users unable to upgrade can disable Timelion by setting timelion.enabled: false in the kibana.yml configuration file and restarting Kibana; this removes the vulnerable application rather than fixing the underlying bug, so the upgrade should still follow.
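A practitioner verifying a fleet will want a quick way to tell whether a given instance is in the affected range and whether the Timelion mitigation is actually in place. The following Python script is an added example and is not code from Pentest-Tools.com or from Elastic. It evaluates the JSON that Kibana's unauthenticated GET /api/status endpoint returns, checking the version.number field against the two fixed releases named above, and it assumes (as 5.x and 6.x do) that the status.statuses list contains a plugin:timelion@<version> entry only while the plugin is enabled. The sample response embedded below is constructed for the example, not captured from a real host.

```python
import json
import re
from typing import Optional

# Fixed releases per the advisory: everything before 5.6.15 is affected,
# and every 6.x release before 6.6.1 is affected.
FIXED = {5: (5, 6, 15), 6: (6, 6, 1)}


def parse_version(text: str) -> tuple:
    """Turn '6.5.4' or '6.6.0-SNAPSHOT' into (6, 5, 4); any suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(version: str) -> bool:
    """True when the version string falls inside the affected ranges."""
    v = parse_version(version)
    if v[0] < 5:
        return True            # "before 5.6.15" covers every earlier major
    if v[0] == 5:
        return v < FIXED[5]
    if v[0] == 6:
        return v < FIXED[6]
    return False               # 7.x and later shipped after the fix


def timelion_enabled(status: dict) -> Optional[bool]:
    """Kibana's /api/status lists one entry per loaded plugin, e.g.
    'plugin:timelion@6.5.4'. No such entry suggests timelion.enabled: false.
    Assumption: the instance exposes the statuses list at all; if it does
    not, return None so the caller does not treat silence as mitigation."""
    statuses = status.get("status", {}).get("statuses")
    if statuses is None:
        return None
    return any(s.get("id", "").startswith("plugin:timelion@") for s in statuses)


def assess(status_json: str) -> dict:
    """Combine the version check and the plugin check into one verdict."""
    status = json.loads(status_json)
    version = status["version"]["number"]
    vulnerable = is_vulnerable_version(version)
    enabled = timelion_enabled(status)
    if not vulnerable:
        verdict = "not affected (fixed release)"
    elif enabled is False:
        verdict = "affected version, but Timelion disabled (mitigated)"
    else:
        # enabled is True, or unknown: do not assume the mitigation is present
        verdict = "AFFECTED: upgrade to 5.6.15 / 6.6.1 or disable Timelion"
    return {"version": version, "vulnerable_version": vulnerable,
            "timelion_enabled": enabled, "verdict": verdict}


# Constructed sample response (not a capture), trimmed to the fields used.
SAMPLE_STATUS = json.dumps({
    "name": "kibana-test",
    "version": {"number": "6.5.4", "build_hash": "0000"},
    "status": {"overall": {"state": "green"},
               "statuses": [{"id": "plugin:kibana@6.5.4", "state": "green"},
                            {"id": "plugin:timelion@6.5.4", "state": "green"}]},
})

if __name__ == "__main__":
    # Against a live host, feed in the body of: GET http://<host>:5601/api/status
    print(assess(SAMPLE_STATUS))
```

A hit from this script means "in the affected range with Timelion loaded", not a confirmed exploit; a reverse proxy that strips or rewrites /api/status, or a patched build carrying a vendor version string, will need a manual follow-up.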

Detectable with
Network Scanner
Vuln date
Mar 2019
Software Type
Data visualization
Vendor
Elastic
Product
Kibana
Codename
Not available