PT-2020-9609 · ksh (+3 tags)

Marian Rehak and 2 others

Published 2019-12-13 · Updated 2024-08-09

CVE-2019-14868

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ksh version 20120801 (upstream ksh 93u+ 2012-08-01 and the distribution packages built from it)
Description: ksh evaluates the contents of certain environment variables. An attacker who can set those variables for a process that launches ksh can override or bypass environment restrictions and make ksh execute arbitrary shell commands. The CVSS vector is local (AV:L, PR:L): the attacker needs the ability to set environment variables of a ksh process. The issue becomes remotely reachable wherever a service or application forwards environment variables supplied by unauthenticated remote callers into ksh, for example a gateway that maps request data to environment variables before invoking a shell script.
Recommendations: Vendor updates have since been published; apply the distribution advisories listed under Related Identifiers (Red Hat, CentOS, Debian LTS, Mageia, SUSE and openSUSE). Distribution builds ship the fix as a backport and keep the 20120801 version string, so verify the installed package release against the advisory rather than relying on the version ksh reports. Where an update cannot be applied yet, do not let services or applications pass environment variables from unauthenticated or otherwise untrusted sources into a ksh process: launch ksh-based components with an explicit allow-list of variable names and a fixed PATH, and drop everything else.
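The launcher below is an added example written for this page; it is not code from the advisory, from ksh, or from any vendor patch. It demonstrates the workaround above: a ksh-based service is started from an empty environment to which only allow-listed variables (and a fixed PATH) are copied back, so variables injected by an untrusted caller never reach the shell. ALLOWED_VARS, TRUSTED_PATH and the helper names are assumptions chosen for the illustration; the value check is a heuristic for logging, not the control.

```sh
#!/bin/sh
# Added example, not code from the advisory, from ksh or from any vendor
# patch. It implements the recommendation above: a launcher that starts a
# ksh-based service under an allow-listed environment, so that variables
# supplied by an untrusted caller never reach the shell. ALLOWED_VARS,
# TRUSTED_PATH and the helper names are assumptions for this illustration.

# Variable names the launched program may inherit. Everything else is
# dropped. Tighten this to what the service actually needs.
ALLOWED_VARS="HOME LANG TZ"

# PATH is never taken from the caller: the launcher and the child both get
# this fixed value.
TRUSTED_PATH=/usr/bin:/bin

# env_is_allowed NAME: succeed when NAME is listed in ALLOWED_VARS.
env_is_allowed() {
    for _allowed in $ALLOWED_VARS; do
        [ "$1" = "$_allowed" ] && return 0
    done
    return 1
}

# env_value_is_suspicious VALUE: succeed when VALUE contains shell expansion
# syntax (command substitution, backticks, parameter or arithmetic expansion).
# This is a heuristic for logging and defence in depth; the allow-list is the
# control, because a value can be harmful without any of these characters.
env_value_is_suspicious() {
    case "$1" in
        *'$('*|*'`'*|*'${'*) return 0 ;;
    esac
    return 1
}

# clean_env_exec CMD [ARG...]: run CMD with an environment that contains only
# TRUSTED_PATH plus allow-listed variables whose values pass the check above.
# The body is a subshell, so `exec` replaces only that subshell and the
# caller's own environment and shell are untouched.
clean_env_exec() (
    unset IFS                       # caller-supplied IFS must not affect word splitting below
    PATH=$TRUSTED_PATH; export PATH # and caller-supplied PATH must not choose our env(1)

    _argc=$#                        # number of CMD/ARG words to keep at the end
    for _name in $ALLOWED_VARS; do  # names come from our constant list, so eval is safe
        eval "_is_set=\${$_name+set}"
        [ "$_is_set" = set ] || continue
        eval "_value=\$$_name"
        if env_value_is_suspicious "$_value"; then
            printf 'clean_env_exec: dropping %s (suspicious value)\n' "$_name" >&2
            continue
        fi
        set -- "$@" "$_name=$_value"   # queue NAME=VALUE behind the CMD/ARG words
    done

    # POSIX sh has no arrays: rotate the original CMD/ARG words to the end so
    # that the NAME=VALUE assignments come first, as env(1) expects.
    while [ "$_argc" -gt 0 ]; do
        set -- "$@" "$1"
        shift
        _argc=$((_argc - 1))
    done

    # Start from an empty environment (-i) and add back only what survived.
    exec env -i "PATH=$TRUSTED_PATH" "$@"
)
```

Usage: replace `exec ksh /opt/service/run.ksh` in a service wrapper with `clean_env_exec ksh /opt/service/run.ksh`. Variables such as `A__z`, `ENV` or anything a caller invents are never copied, a listed variable carrying `$(`, a backtick or `${` is dropped with a note on stderr, and the child always runs with the fixed PATH. The rotation loop is only there because POSIX sh lacks arrays; with bash you would collect the assignments in an array instead.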

Weakness Enumeration

Command Injection

Related Identifiers

CESA-2020:0515
CESA-2020:0559
CESA-2020:0568
DLA-2284-1
MGASA-2021-0141
openSUSE-SU-2024:14252-1
RHSA-2020:0431
RHSA-2020:0515
RHSA-2020:0559
RHSA-2020:0568
RHSA-2020:1332
RHSA-2020:1333
RHSA-2020:2210
RHSA-2020:5351
RHSA-2020:5352
SUSE-SU-2024:2756-1

Affected Products

CentOS
Red Hat
SUSE
ksh