CVE-2019-14257

Опубликовано: 21 авг. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.

Ссылки

https://www.coalfire.com/The-Coalfire-Blog
Vendor Advisory
https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test
Exploit
Vendor Advisory
https://www.coalfire.com/The-Coalfire-Blog
Vendor Advisory
https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zenoss:zenoss:2.5.3:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2019-14257

CVSS3: 7.8

debian

больше 6 лет назад

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying e ...

GHSA-rwrc-9gjv-85pj

CVSS3: 7.8

github

больше 3 лет назад

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.

EPSS

Процентиль: 14%

0.00045

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264