CVE-2019-12164

9.8 CRITICAL

📋 TL;DR

CVE-2019-12164 is a remote code execution vulnerability in Status React Native Desktop's ubuntu-server.js component. It allows attackers to execute arbitrary code on affected systems without authentication. Users running Status React Native Desktop versions before v0.57.8_mobile_ui are affected.

💻 Affected Systems

Products:
  • Status React Native Desktop
Versions: All versions before v0.57.8_mobile_ui
Operating Systems: Linux (Ubuntu)
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the ubuntu-server.js component in desktop versions of Status React Native applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise, allowing an attacker to install malware, steal data, pivot to other systems, or establish persistent backdoor access.

🟠 Likely Case

An attacker gains remote shell access to execute commands, potentially leading to data theft, cryptocurrency wallet compromise, or system takeover.

🟢 If Mitigated

If the system is properly segmented and monitored, impact is limited to an isolated system with no access to critical data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Based on the CVSS 9.8 score and the remote code execution nature of the flaw, exploitation appears straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.57.8_mobile_ui and later

Vendor Advisory: https://github.com/status-im/react-native-desktop/pull/475

Restart Required: Yes

Instructions:

1. Update Status React Native Desktop to version v0.57.8_mobile_ui or later.
2. Restart the application.
3. Verify the fix by checking the version.

🔧 Temporary Workarounds

Network Isolation

linux

Block external access to Status React Native Desktop service ports

sudo ufw deny from any to any port <status_port>
sudo iptables -A INPUT -p tcp --dport <status_port> -j DROP

Service Disablement

linux

Temporarily disable the vulnerable ubuntu-server.js component

sudo systemctl stop status-react-native-desktop
pkill -f ubuntu-server.js

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems from internet and critical internal networks
  • Deploy application control/whitelisting to prevent execution of unauthorized binaries

🔍 How to Verify

Check if Vulnerable:

Check the Status React Native Desktop version. If the version is earlier than v0.57.8_mobile_ui, the system is vulnerable.

Check Version:

status-react-native-desktop --version
or check the package manager: dpkg -l | grep status-react-native-desktop

Verify Fix Applied:

Confirm version is v0.57.8_mobile_ui or later and verify the fix commit f6945f1e4b157c69e414cd94fe5cde1876aabcc1 is present.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from ubuntu-server.js
  • Suspicious network connections from Status React Native Desktop process
  • Error logs related to ubuntu-server.js component

Network Indicators:

  • Unexpected outbound connections from Status React Native Desktop
  • Inbound connections to non-standard ports used by the application

SIEM Query:

process_name="ubuntu-server.js" AND (process_execution OR network_connection)
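
One way to turn the "unusual process execution from ubuntu-server.js" indicator into a check, as an added example that is not part of the original advisory: it scans process-creation events and flags children spawned by a process whose command line runs ubuntu-server.js. The JSON field names (`pid`, `exe`, `parent_cmdline`), the allowlist and the sample events are assumptions constructed for illustration; the match is on the parent command line on the assumption that the script runs under an interpreter such as node, so the process name alone would not contain ubuntu-server.js.

```python
import json
import os
import shlex

TARGET_SCRIPT = "ubuntu-server.js"  # component named in the advisory
# Assumed baseline of executables the server legitimately starts; tune per host.
ALLOWED_CHILDREN = {"node"}

def parent_runs_target(cmdline):
    """True if an argument of the parent command line is the target script."""
    try:
        args = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        args = cmdline.split()
    # Compare whole file names so "notes-about-ubuntu-server.js.txt" does not match.
    return any(os.path.basename(a) == TARGET_SCRIPT for a in args)

def suspicious_children(lines):
    """Return events where the target script spawned a non-allowlisted child."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON log lines
        if not isinstance(ev, dict):
            continue
        if not parent_runs_target(str(ev.get("parent_cmdline") or "")):
            continue
        if os.path.basename(str(ev.get("exe") or "")) not in ALLOWED_CHILDREN:
            hits.append(ev)
    return hits

# Constructed sample events (hypothetical paths, not from a real incident).
SAMPLE_EVENTS = [
    '{"pid": 4101, "exe": "/usr/bin/node", "parent_cmdline": "node /opt/app/ubuntu-server.js"}',
    '{"pid": 4188, "exe": "/bin/sh", "parent_cmdline": "node /opt/app/ubuntu-server.js"}',
    '{"pid": 4190, "exe": "/bin/sh", "parent_cmdline": "/usr/sbin/cron -f"}',
    '{"pid": 4195, "exe": "/usr/bin/curl", "parent_cmdline": "node \\"/opt/my app/ubuntu-server.js\\""}',
    '{"pid": 4200, "exe": "/bin/cat", "parent_cmdline": "vim notes-about-ubuntu-server.js.txt"}',
    'truncated {"pid": 42',
]

if __name__ == "__main__":
    for ev in suspicious_children(SAMPLE_EVENTS):
        print("ALERT pid=%s exe=%s parent=%s" % (ev["pid"], ev["exe"], ev["parent_cmdline"]))
```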
