PT-2019-13725 · Sphinx Technologies+1 · Sphinx+1

Published

2019-06-02

Updated

2022-04-01

CVE-2019-14511

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Sphinx Technologies Sphinx version 3.1.1

Description The issue is related to the default configuration of Sphinx, which lacks authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only.

Recommendations For version 3.1.1, reconfigure Sphinx to listen on 127.0.0.1 only or ensure it is filtered by a firewall to minimize exposure. Consider implementing authentication to secure the service.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-21

Related Identifiers

BDU:2022-00467

CVE-2019-14511

DLA-2882-1

DSA-5036-1

MGASA-2020-0087

OPENSUSE-SU-2022_0046-1

OPENSUSE-SU-2022_0054-1

Affected Products

Sphinx

Suse

PT-2019-13725 · Sphinx Technologies+1 · Sphinx+1

CVE-2019-14511

Weakness Enumeration

Related Identifiers

Affected Products

References · 30