Lucene search

[email protected]NVD:CVE-2019-14868

HistoryApr 02, 2020 - 5:15 p.m.

CVE-2019-14868

2020-04-0217:15:13

CWE-77

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

57.2%

JSON

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

Affected configurations

Nvd

Node

ksh_projectkshMatch20120801

Node

debiandebian_linuxMatch9.0

Node

applemac_os_xRange<10.15.5

VendorProductVersionCPE
ksh_projectksh20120801cpe:2.3:a:ksh_project:ksh:20120801:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ksh_project	ksh	20120801	cpe:2.3:a:ksh_project:ksh:20120801:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::