{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T07:08:23.496","vulnerabilities":[{"cve":{"id":"CVE-2019-17562","sourceIdentifier":"security@apache.org","published":"2020-05-14T17:15:11.897","lastModified":"2026-06-17T02:24:09.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond."},{"lang":"es","value":"Se ha detectado una vulnerabilidad de desbordamiento del búfer en el componente baremetal de Apache CloudStack. Esto se aplica a todas las versiones anteriores a 4.13.1. La vulnerabilidad es debido a la falta de comprobación del parámetro mac en el enrutador virtual baremetal. Si inserta un comando de shell arbitrario en el parámetro mac, v-router procesará el comando. Por ejemplo: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. La mitigación de este problema es una actualización a Apache CloudStack versión 4.13.1.0 o posterior."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"n/a","product":"Apache CloudStack","versions":[{"version":"Apache CloudStack all versions up to 4.13.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*","versionEndExcluding":"4.13.1.0","matchCriteriaId":"B1CC87AF-B5E9-491B-93ED-EAC217C74D51"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E","source":"security@apache.org","tags":["Exploit","Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Vendor Advisory"]}]}}]}