CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.011 Low
Percentile: 84.0%

A flaw was found in IPA, in all 4.6.x versions before 4.6.7, all 4.7.x
versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the
internal function ber_scanf() was used in some components of the IPA
server, which parsed Kerberos key data. An unauthenticated attacker who
could trigger parsing of the krb principal key could cause the IPA server
to crash or, in some conditions, cause arbitrary code to be executed on the
server hosting the IPA server.

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14867
launchpad.net/bugs/cve/CVE-2019-14867
nvd.nist.gov/vuln/detail/CVE-2019-14867
pagure.io/freeipa/c/4abd2f76d76c4c1a1ec5087ec447f4515b63c2c6
security-tracker.debian.org/tracker/CVE-2019-14867
www.cve.org/CVERecord?id=CVE-2019-14867
www.freeipa.org/page/Releases/4.6.7
www.freeipa.org/page/Releases/4.7.4
www.freeipa.org/page/Releases/4.8.3