CVE-2018-19636

CWE-306Missing AuthenticationCWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 87.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse SupportutilsOpensuse Supportutils
Timeline
PublishedMar 5
Latest updateMay 14

Description

Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

CVEListV5suse/supportutilsunspecified3.1-5.7.1
NVDopensuse/supportutils< 3.1-5.7.1

🔴Vulnerability Details

2
GHSA
GHSA-f264-4fj2-rjpf: Supportutils, before version 32022-05-14
CVEList
Local root exploit via inclusion of attacker controlled shell script2019-03-05
CVE-2018-19636 (HIGH CVSS 7.8) | Supportutils | cvebase.io