CVE-2019-10068

CRITICAL KEV NUCLEI

Kentico <12.0.15, 11.0.48, 10.0.52, 9.x - Code Injection

Title source: llm

Description

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.

Exploits (2)

nomisec WORKING POC
by cianananan · poc
https://github.com/cianananan/CVE-2019-10068-PoC
metasploit WORKING POC EXCELLENT
by Manoj Cherukuri, Justin LeMay, aushack · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/kentico_staging_syncserver.rb

Nuclei Templates (1)

Kentico CMS Insecure Deserialization Remote Code Execution
CRITICAL by davidmckennirey
Shodan: cpe:"cpe:2.3:a:kentico:kentico"

Scores

CVSS v3 9.8
EPSS 0.9389
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-03-25
VulnCheck KEV 2022-03-25
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2019-2129

Classification

CWE
CWE-502
Status published

Affected Products (1)

kentico/xperience < 9.0.51

Timeline

Published Mar 26, 2019
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026