CyberSec.Space Logo
Back to CVE Browser

CVE-2019-14514

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1160%
EPSS Percentile17.28th
PublishedFeb 11, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters.

Affected Platforms (CPE)

📦
Microvirt

Memu

< 7.0.2

References & Advisories

🔗 https://github.com/seqred-s-a/cve-2019-14514
🔗 https://github.com/seqred-s-a/cve-2019-14514

Related Vulnerabilities

CVE-2019-255689.8

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by repl...

CVE-2020-371299.8

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.e...

CVE-2018-206217.8

An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe service binary is vulnerable to local privilege escalation th...

CVE-2020-369377.8

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attacke...

CVE-2019-14514 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space