A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Cloudstack
APPApache< 4.13.1.0
Related vulnerabilities
Apache CloudStack: nieautoryzowany dostęp między tenantami przez rozszerzenie Proxmox
Apache CloudStack — RCE przez niechroniony port integracyjny API
Apache CloudStack — RCE przez nieuwierzytelniony port klastra (9090)
Apache CloudStack: authentication bypass przez manipulację nagłówkiem x-forwarded-for
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found...