Lucene search

[email protected]CVE-2019-9891

HistoryMay 31, 2019 - 9:29 p.m.

CVE-2019-9891

2019-05-3121:29:06

CWE-94

[email protected]

web.nvd.nist.gov

224

cve-2019-9891

privilege escalation

getopt_simple

advanced bash scripting guide

shell script

sudo

command execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo.

Affected configurations

NVD

Node

tldpadvanced_bash-scripting_guide

CPENameOperatorVersion
tldp:advanced_bash-scripting_guidetldp advanced bash-scripting guideeq*

CPE	Name	Operator	Version
tldp:advanced_bash-scripting_guide	tldp advanced bash-scripting guide	eq	*

References

www.redteam-pentesting.de/advisories/rt-sa-2019-007

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for CVE-2019-9891

cvelist1 packetstorm1 nvd1 prion1