CVE-2019-14287
critical-risk
Published 2019-10-17
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Do I need to act?
85.8% chance of exploitation in next 30 days (EPSS score, higher than 14% of all CVEs)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 (High), attack vector NETWORK, attack complexity LOW
Affected Products (20)
Affected Vendors
References (74)
- Third Party Advisory: http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Upd...
- Third Party Advisory: https://access.redhat.com/errata/RHBA-2019:3248
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3197
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3204
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3205
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3209
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3219
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3278
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3694
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3754
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3755
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3895
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3916
- Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3941
and 54 more references
Risk score: 75/100 (critical-risk)
Severity: 30/34, Critical
Exploitability: 20/34, Moderate
Exposure: 25/34, High