Kibana - Remote Code Execution (CVE-2019-7609)
- Severity
- CVSSv3 Score
- 10
- Exploitable with Sniper
- Yes
- Vulnerability description
Kibana is affected by a Remote Code Execution vulnerability. Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that attempts to execute JavaScript code. This could lead to the attacker executing arbitrary commands with the permissions of the Kibana process on the host system. The root cause of this vulnerability is the combination of a prototype pollution vulnerability with the existence of a public function that can spawn a new Node process. This allows attackers to build prototype pollution gadgets, which are particularly dangerous in Node.js applications because their back end is itself written in JavaScript.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the Kibana server to steal confidential information, install ransomware or create a reverse shell.
- Recommendation
Upgrade Kibana to the latest version, or at least to version 6.6.1 or 5.6.15. Users unable to upgrade can disable Timelion by setting timelion.enabled to false in the kibana.yml configuration file.
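As an added triage example (not part of this advisory and not Elastic's code), the following Python helper applies the fixed-version thresholds and the timelion.enabled workaround stated above to a Kibana version string and the text of a kibana.yml; the function names and the sample inputs are constructed for illustration.

```python
"""Added example (not from the advisory): exposure triage for CVE-2019-7609.

Fixed versions per the advisory: 5.6.15 on the 5.x line and 6.6.1 on the
6.x line. A vulnerable build with timelion.enabled set to false in
kibana.yml is reported as mitigated rather than exposed.
"""
import re

# Earliest fixed release on each affected release line (from the advisory).
FIXED = {5: (5, 6, 15), 6: (6, 6, 1)}


def parse_version(version):
    """Turn '6.5.4' (optionally with a suffix such as '-SNAPSHOT') into (6, 5, 4)."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Kibana version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(version):
    """True when the build predates the fix for its release line."""
    ver = parse_version(version)
    major = ver[0]
    if major < 5:
        return True   # literally "before 5.6.15"; no fixed release exists on those lines
    if major > 6:
        return False  # 7.x and later shipped after the fix
    return ver < FIXED[major]


def timelion_disabled(kibana_yml):
    """True when kibana.yml sets timelion.enabled to false.

    Handles the flat dotted-key form named in the advisory and ignores
    '#' comments; the nested 'timelion:\\n  enabled: false' form is not parsed.
    """
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^timelion\.enabled\s*:\s*(\S+)", line)
        if m:
            return m.group(1).strip("'\"").lower() == "false"
    return False  # Timelion is enabled by default


def exposure(version, kibana_yml):
    """Return 'patched', 'mitigated' (vulnerable build, Timelion off) or 'exposed'."""
    if not is_vulnerable_version(version):
        return "patched"
    return "mitigated" if timelion_disabled(kibana_yml) else "exposed"


if __name__ == "__main__":
    # Constructed sample: an unpatched 6.x build with the workaround applied.
    sample_yml = "server.port: 5601\n# timelion.enabled: true\ntimelion.enabled: false\n"
    print(exposure("6.5.4", sample_yml))  # prints "mitigated"
```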
- References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7609
https://www.tenable.com/cve/CVE-2019-7609
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
- Detectable with
- Network Scanner
- Vuln date
- Mar 2019
- Published at
- Updated at
- Software Type
- Data visualization
- Vendor
- Elastic
- Product
- Kibana
- Codename
- Not available