Lucene search

K

[email protected]NVD:CVE-2018-14354

HistoryJul 17, 2018 - 5:29 p.m.

CVE-2018-14354

2018-07-1717:29:00

CWE-78

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

Affected configurations

NVD

Node

muttmuttRange<1.10.1

OR

neomuttneomuttRange<20180716

Node

canonicalubuntu_linuxMatch12.04esm

OR

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch18.04lts

Node

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

Node

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_ausMatch7.6

OR

redhatenterprise_linux_server_ausMatch7.7

OR

redhatenterprise_linux_server_eusMatch7.5

OR

redhatenterprise_linux_server_eusMatch7.6

OR

redhatenterprise_linux_server_eusMatch7.7

OR

redhatenterprise_linux_server_tusMatch7.6

OR

redhatenterprise_linux_server_tusMatch7.7

OR

redhatenterprise_linux_workstationMatch6.0

OR

redhatenterprise_linux_workstationMatch7.0

References

www.mutt.org/news.html

www.securityfocus.com/bid/104925

access.redhat.com/errata/RHSA-2018:2526

github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb

gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d

lists.debian.org/debian-lts-announce/2018/08/msg00001.html

neomutt.org/2018/07/16/release

security.gentoo.org/glsa/201810-07

usn.ubuntu.com/3719-1/

usn.ubuntu.com/3719-2/

usn.ubuntu.com/3719-3/

www.debian.org/security/2018/dsa-4277

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

Related for NVD:CVE-2018-14354

osv3 prion1 debiancve1 cve1 cvelist1 veracode1 redhatcve1 alpinelinux1 ubuntucve1 openvas18 nessus27 centos1 oraclelinux1 amazon1 redhat1 gentoo1 fedora2 ubuntu3 freebsd2 debian3 mageia1 suse2