Vulnerability CVE-2019-17134

Vulnerability Name:

CVE-2019-17134 (CCN-168584)

Assigned:

2019-10-08

Published:

2019-10-08

Updated:

2019-11-06

Summary:

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.

CVSS v3 Severity:

9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-287

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2019-17134

Source: REDHAT
Type: UNKNOWN
RHSA-2019:3743

Source: REDHAT
Type: UNKNOWN
RHSA-2019:3788

Source: REDHAT
Type: UNKNOWN
RHSA-2020:0721

Source: XF
Type: UNKNOWN
openstack-octavia-cve201917134-sec-bypass(168584)

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://review.opendev.org/686541

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://review.opendev.org/686543

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://review.opendev.org/686544

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://review.opendev.org/686545

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://review.opendev.org/686546

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://review.opendev.org/686547

Source: CCN
Type: oss-sec Mailing List, Tue, 8 Oct 2019 11:24:09 +0200
[OSSA-2019-005] Octavia Amphora-Agent not requiring Client-Certificate (CVE-2019-17134)

Source: CCN
Type: OSSA-2019-005
Octavia Amphora-Agent not requiring Client-Certificate

Source: CONFIRM
Type: Patch, Vendor Advisory
https://security.openstack.org/ossa/OSSA-2019-005.html

Source: MISC
Type: Exploit, Third Party Advisory
https://storyboard.openstack.org/#!/story/2006660

Source: UBUNTU
Type: Third Party Advisory
USN-4153-1

Vulnerable Configuration:

Configuration 1:

cpe:/a:opendev:octavia:*:*:*:*:*:openstack:*:* (Version >= 0.10.0 and < 2.1.2)

OR cpe:/a:opendev:octavia:*:*:*:*:*:openstack:*:* (Version >= 3.0.0 and < 3.2.0)

OR cpe:/a:opendev:octavia:*:*:*:*:*:openstack:*:* (Version >= 4.0.0 and < 4.1.0)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201917134	V	CVE-2019-17134	2022-05-22
oval:org.opensuse.security:def:61604	P	logrotate-3.13.0-4.3.9 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61689	P	zypper-1.14.27-1.11 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61603	P	libzzip-0-13-0.13.69-3.3.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61627	P	policycoreutils-2.8-9.19 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61688	P	zsh-5.6-5.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:63420	P	djvulibre-3.5.27-9.28 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63350	P	libspice-server-devel-0.14.3-1.48 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63492	P	libreoffice-7.1.2.2-2.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63337	P	libct4-1.1.36-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63442	P	libvorbis0-32bit-1.3.6-4.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62157	P	libidn-devel-1.34-3.2.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63020	P	libgit2-28-0.28.4-1.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62263	P	mozilla-nspr-32bit-4.25.1-3.17.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62353	P	xdg-utils-1.1.3+20190413-1.24 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62069	P	emacs-25.3-3.6.51 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63526	P	NetworkManager-lang-1.10.6-3.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63151	P	gnuplot-5.2.2-1.109 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62393	P	accountsservice-0.6.45-4.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61712	P	cairo-devel-1.16.0-1.55 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62922	P	perl-YAML-LibYAML-0.59-1.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63154	P	guestfs-data-1.38.0-3.52 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62485	P	perl-MIME-Charset-1.012.2-1.24 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61796	P	libXp-devel-1.0.3-1.24 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63286	P	libxmltooling-devel-1.6.4-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63254	P	apache2-mod_security2-2.9.2-1.34 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62603	P	sane-backends-1.0.27-4.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61883	P	libsolv-devel-0.7.14-1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63389	P	apache2-mod_php7-7.2.5-2.9 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63052	P	python2-numpy-gnu-hpc-1.14.0-4.5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63248	P	389-ds-1.4.3.9~git0.3eb8617f6-1.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62699	P	libsrt1-1.3.4-1.45 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63387	P	apache-commons-beanutils-1.9.2-2.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:87993	P	Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud (Moderate)	2019-11-26
oval:org.opensuse.security:def:88297	P	Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud (Moderate)	2019-11-26
oval:com.ubuntu.disco:def:2019171340000000	V	CVE-2019-17134 on Ubuntu 19.04 (disco) - medium.	2019-10-08

BACK