CVE-2019-14868 — HIGH (7.4)

Q: How severe is CVE-2019-14868?

CVE-2019-14868 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-14868?

Check the references section above for vendor advisories and patch information. Affected products include: Ksh Project Ksh, Debian Debian Linux, Apple Mac Os X.

Vulnerability Description

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ksh Project	Ksh	20120801
Debian	Debian Linux	9.0
Apple	Mac Os X	< 10.15.5

Related Weaknesses (CWE)

CWE-77

References

http://seclists.org/fulldisclosure/2020/May/53Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868Issue TrackingThird Party Advisory
https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00015.htmlMailing ListThird Party Advisory
https://support.apple.com/kb/HT211170Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/53Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868Issue TrackingThird Party Advisory
https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00015.htmlMailing ListThird Party Advisory
https://support.apple.com/kb/HT211170Third Party Advisory

FAQ

What is CVE-2019-14868?

CVE-2019-14868 is a vulnerability with a CVSS score of 7.4 (HIGH). In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell command...

How severe is CVE-2019-14868?

CVE-2019-14868 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14868?

Check the references section above for vendor advisories and patch information. Affected products include: Ksh Project Ksh, Debian Debian Linux, Apple Mac Os X.