Executable Path Injection Vulnerability in osquery by Facebook
CVE-2019-3567

8.1 HIGH

Key Information:

Vendor: Facebook

Status
Vendor
CVE Published: 3 June 2019

What is CVE-2019-3567?

An injection vulnerability exists in osquery that allows an attacker to modify the extensions.load file, potentially causing the application to execute a malicious binary with elevated SYSTEM permissions. If configurations are not properly secured, an attacker could hard link a folder containing malicious software to a directory that has overly permissive access. A recommended preventive measure is to relocate installations to the 'Program Files' directory on Windows systems to restrict unwarranted write access and protect against exploitation.
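A defender-side check for the condition described above, as an added example that is not part of the advisory or of osquery's own tooling: it reports any non-administrative principal with write access to the install folder, the extensions.load file, or the binaries that file lists. The install path parameter, the trusted-SID list and the sample invocation are assumptions to adjust per environment.

```powershell
# Added example, not osquery code. Constructed sample invocation (script name is hypothetical):
#   .\Test-OsqueryAcl.ps1 -InstallDir 'C:\Program Files\osquery'
param(
    [Parameter(Mandatory = $true)][string]$InstallDir,
    [string]$LoadFile = (Join-Path $InstallDir 'extensions.load')
)

# Assumption: only these well-known SIDs may hold write access.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$rights      = [System.Security.AccessControl.FileSystemRights]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
# Rights that let a principal replace, extend, delete or re-permission the object.
$writeMask = $rights::WriteData -bor $rights::AppendData -bor $rights::Delete -bor
             $rights::DeleteSubdirectoriesAndFiles -bor $rights::ChangePermissions -bor
             $rights::TakeOwnership

function Get-WeakAce([string]$Path) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited ACEs, with identities returned as SIDs (locale independent).
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.PropagationFlags -band $inheritOnly) -eq 0 -and  # skip ACEs that only apply to children
            ($_.FileSystemRights -band $writeMask) -ne 0 -and
            $trusted -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            [pscustomobject]@{ Path = $Path; Sid = $_.IdentityReference.Value; Rights = $_.FileSystemRights }
        }
}

$targets = @($InstallDir, $LoadFile)
if (Test-Path -LiteralPath $LoadFile) {
    # extensions.load lists one extension binary path per line; check each binary and its folder.
    $listed = Get-Content -LiteralPath $LoadFile | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    $targets += $listed
    $targets += $listed | ForEach-Object { Split-Path -Parent $_ } | Where-Object { $_ }
}
$targets  = @($targets | Select-Object -Unique | Where-Object { Test-Path -LiteralPath $_ })
$findings = @($targets | ForEach-Object { Get-WeakAce $_ })

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output "No non-administrative write access found on $($targets.Count) path(s)."
```

A non-zero exit code means at least one path is writable by a principal outside the trusted list, so the result can gate a configuration-management or compliance job.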

Affected Version(s)

osquery 3.4.0

osquery < 3.4.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
