CVE-2018-19639

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 59.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Supportutils Opensuse Supportutils

Timeline

PublishedMar 5

Latest updateMay 13

Description

If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5suse/supportutilsunspecified — 3.1-5.7.1

▶NVDopensuse/supportutils< 3.1-5.7.1

🔴Vulnerability Details

GHSA

GHSA-82r4-3q2m-qgrm: If supportutils before version 3↗2022-05-13

▶

CVEList

Code execution if run with command line switch -v↗2019-03-05

▶