CVE-2019-14868

high

Description

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868

https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2

https://support.apple.com/kb/HT211170

http://seclists.org/fulldisclosure/2020/May/53

https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html

https://access.redhat.com/errata/RHSA-2020:2210

https://access.redhat.com/errata/RHSA-2020:1332

https://access.redhat.com/errata/RHSA-2020:5351

https://access.redhat.com/errata/RHSA-2020:5352

https://bugzilla.redhat.com/show_bug.cgi?id=1757324

https://access.redhat.com/errata/RHSA-2020:0568

https://access.redhat.com/errata/RHSA-2020:0515

https://access.redhat.com/errata/RHSA-2020:0559

https://access.redhat.com/errata/RHSA-2020:0431

https://access.redhat.com/errata/RHSA-2020:1333

https://access.redhat.com/security/cve/CVE-2019-14868

Details

Source: MITRE

Published: 2020-04-02

Updated: 2023-02-02

Type: CWE-77

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH