Search for vulnerabilities
Vulnerability details: VCID-vq8m-kxfj-aaap
Vulnerability ID VCID-vq8m-kxfj-aaap
Aliases CVE-2019-14287
Summary In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Status Published
Exploitability 2.0
Weighted Severity 8.1
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-755 Improper Handling of Exceptional Conditions
CWE-267 Privilege Defined With Unsafe Actions
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14287.html
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14287.json
epss 0.27436 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.32838 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.32838 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.32838 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.32838 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.32838 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.32838 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.33196 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.33196 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.33196 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.33196 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.35818 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.35818 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.35818 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.35818 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.84563 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
epss 0.86476 https://api.first.org/data/v1/epss?cve=CVE-2019-14287
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
cvssv3 7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 9.0 https://nvd.nist.gov/vuln/detail/CVE-2019-14287
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-14287
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-14287
archlinux High https://security.archlinux.org/AVG-1047
generic_textual Medium https://ubuntu.com/security/notices/USN-4154-1
generic_textual Medium https://www.sudo.ws/alerts/minus_1_uid.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14287.html
https://access.redhat.com/errata/RHBA-2019:3248
https://access.redhat.com/errata/RHSA-2019:3197
https://access.redhat.com/errata/RHSA-2019:3204
https://access.redhat.com/errata/RHSA-2019:3205
https://access.redhat.com/errata/RHSA-2019:3209
https://access.redhat.com/errata/RHSA-2019:3219
https://access.redhat.com/errata/RHSA-2019:3278
https://access.redhat.com/errata/RHSA-2019:3694
https://access.redhat.com/errata/RHSA-2019:3754
https://access.redhat.com/errata/RHSA-2019:3755
https://access.redhat.com/errata/RHSA-2019:3895
https://access.redhat.com/errata/RHSA-2019:3916
https://access.redhat.com/errata/RHSA-2019:3941
https://access.redhat.com/errata/RHSA-2019:4191
https://access.redhat.com/errata/RHSA-2020:0388
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14287.json
https://api.first.org/data/v1/epss?cve=CVE-2019-14287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/
https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287
https://seclists.org/bugtraq/2019/Oct/20
https://seclists.org/bugtraq/2019/Oct/21
https://security.gentoo.org/glsa/202003-12
https://security.netapp.com/advisory/ntap-20191017-0003/
https://support.f5.com/csp/article/K53746212?utm_source=f5support&amp%3Butm_medium=RSS
https://support.f5.com/csp/article/K53746212?utm_source=f5support&utm_medium=RSS
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us
https://ubuntu.com/security/notices/USN-4154-1
https://usn.ubuntu.com/4154-1/
https://www.debian.org/security/2019/dsa-4543
https://www.openwall.com/lists/oss-security/2019/10/15/2
https://www.sudo.ws/alerts/minus_1_uid.html
http://www.openwall.com/lists/oss-security/2019/10/14/1
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
http://www.openwall.com/lists/oss-security/2021/09/14/2
942322 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942322
ASA-201910-9 https://security.archlinux.org/ASA-201910-9
AVG-1047 https://security.archlinux.org/AVG-1047
cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2019-14287 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47502.py
CVE-2019-14287 https://nvd.nist.gov/vuln/detail/CVE-2019-14287
RHBA-2019:3248 https://bugzilla.redhat.com/show_bug.cgi?id=1760531
Data source Exploit-DB
Date added Oct. 15, 2019
Description sudo 1.8.27 - Security Bypass
Ransomware campaign use Unknown
Source publication date Oct. 15, 2019
Exploit type local
Platform linux
Source update date Dec. 17, 2021
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14287.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14287
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14287
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14287
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.96897
EPSS Score 0.27436
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.