VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-1puc-u4y9-aaap

Essentials
Severities (121)
References (41)
Severity details (30)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-1puc-u4y9-aaap
Aliases	CVE-2019-14904 GHSA-gwr8-5j83-483c PYSEC-2020-161 PYSEC-2020-180
Summary	A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	Low	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14904.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0215
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0216
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0217
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0218
cvssv3	7.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2019-14904
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1776944
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
cvssv3.1	7.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-gwr8-5j83-483c
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-gwr8-5j83-483c
cvssv3.1	5.0	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	7.3	https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69
generic_textual	HIGH	https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69
cvssv3.1	7.3	https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907
generic_textual	HIGH	https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907
cvssv3.1	7.3	https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8
generic_textual	HIGH	https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8
cvssv3.1	7.3	https://github.com/ansible/ansible/pull/65686
generic_textual	HIGH	https://github.com/ansible/ansible/pull/65686
cvssv3.1	7.3	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml
cvssv3.1	7.3	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
cvssv2	6.1	https://nvd.nist.gov/vuln/detail/CVE-2019-14904
cvssv3	7.3	https://nvd.nist.gov/vuln/detail/CVE-2019-14904
cvssv3.1	7.3	https://nvd.nist.gov/vuln/detail/CVE-2019-14904
cvssv3.1	7.5	https://www.debian.org/security/2021/dsa-4950
generic_textual	HIGH	https://www.debian.org/security/2021/dsa-4950

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14904.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-14904
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69
		https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907
		https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8
		https://github.com/ansible/ansible/pull/65686
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml
		https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
		https://www.debian.org/security/2021/dsa-4950
1776944		https://bugzilla.redhat.com/show_bug.cgi?id=1776944
cpe:2.3:a:redhat:ansible::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2019-14904		https://nvd.nist.gov/vuln/detail/CVE-2019-14904
GHSA-gwr8-5j83-483c		https://github.com/advisories/GHSA-gwr8-5j83-483c
RHSA-2020:0215		https://access.redhat.com/errata/RHSA-2020:0215
RHSA-2020:0216		https://access.redhat.com/errata/RHSA-2020:0216
RHSA-2020:0217		https://access.redhat.com/errata/RHSA-2020:0217
RHSA-2020:0218		https://access.redhat.com/errata/RHSA-2020:0218
USN-7330-1		https://usn.ubuntu.com/7330-1/

No exploits are available.

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible/pull/65686

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:C/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14904

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14904

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14904

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2021/dsa-4950

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.09621
EPSS Score	0.00042
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.