PT-2019-6320 · Usbguard+8

Hartwork · Published 2019-02-07 · Updated 2024-07-03 · CVE-2019-25058

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

USBGuard versions prior to 1.1.0

Description

The issue is an access error in the usbguard-dbus daemon of USBGuard that allows an unprivileged user to connect USB devices. This could enable an attacker to access confidential data, compromise data integrity, and cause a denial of service. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.

Recommendations

For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the usbguard-dbus daemon until a patch is available. Restrict access to USB devices to minimize the risk of exploitation.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

ALSA-2023:0087
ALSA-2023:0303
ALT-PU-2023-4095
ALT-PU-2023-4132
ALT-PU-2023-5110
AZL-8805
BDU:2023-01654
CESA-2023_0087
CVE-2019-25058
DLA-2979-1
OESA-2022-2088
OPENSUSE-SU-2024:11871-1
RHSA-2022:8679
RHSA-2022:8806
RHSA-2022:8971
RHSA-2023:0087
RHSA-2023:0303
RHSA-2023_0087
RHSA-2023_0303
RLSA-2023:0087
RLSA-2023:0303

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Red Hat
RED OS
Rocky Linux
USBGuard