Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-18862

6 documents6 sources
Severity
7.8HIGH
EPSS
0.7%
top 27.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Mailutils
Timeline
PublishedNov 11
Latest updateMay 24

Description

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDgnu/mailutils< 3.8
Debianmailutils< 1:3.8-1+3

🔴Vulnerability Details

3
GHSA
GHSA-rww3-9vvq-977p: maidag in GNU Mailutils before 32022-05-24
CVEList
CVE-2019-18862: maidag in GNU Mailutils before 32019-11-11
OSV
CVE-2019-18862: maidag in GNU Mailutils before 32019-11-11

💥Exploits & PoCs

1
Exploit-DB
GNU Mailutils 3.7 - Privilege Escalation2019-11-21

📋Vendor Advisories

1
Debian
CVE-2019-18862: mailutils - maidag in GNU Mailutils before 3.8 is installed setuid and allows local privileg...2019
CVE-2019-18862 (HIGH CVSS 7.8) | maidag in GNU Mailutils before 3.8 | cvebase.io