1. Home
  2. CVE Database
  3. CVE-2019-3698
MEDIUM · 5.7

CVE-2019-3698

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to ...

Vulnerability Description

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
NagiosNagios< 3.5.1
SuseLinux Enterprise Server12
OpensuseBackports Sle15.0
OpensuseLeap15.1

Related Weaknesses (CWE)

CWE-59

References

FAQ

What is CVE-2019-3698?

CVE-2019-3698 is a vulnerability with a CVSS score of 5.7 (MEDIUM). UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to ...

How severe is CVE-2019-3698?

CVE-2019-3698 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3698?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios, Suse Linux Enterprise Server, Opensuse Backports Sle, Opensuse Leap.