CVE-2019-14257 — HIGH (7.8)

Vulnerability Description

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zenoss	Zenoss	2.5.3

Related Weaknesses (CWE)

CWE-264

References

https://www.coalfire.com/The-Coalfire-BlogVendor Advisory
https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-complExploitVendor Advisory
https://www.coalfire.com/The-Coalfire-BlogVendor Advisory
https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-complExploitVendor Advisory

FAQ

What is CVE-2019-14257?

CVE-2019-14257 is a vulnerability with a CVSS score of 7.8 (HIGH). pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.

How severe is CVE-2019-14257?

CVE-2019-14257 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14257?

Check the references section above for vendor advisories and patch information. Affected products include: Zenoss Zenoss.