CVE-2019-20807

medium

Description

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

References

https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075

https://github.com/vim/vim/releases/tag/v8.1.0881

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html

https://support.apple.com/kb/HT211289

http://seclists.org/fulldisclosure/2020/Jul/24

https://usn.ubuntu.com/4582-1/

https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html

Details

Source: MITRE

Published: 2020-05-28

Updated: 2022-01-11

Type: CWE-78

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Impact Score: 3.4

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 156575 | Debian DLA-2876-1 : vim - LTS security update | Nessus | Debian Local Security Checks | high |
| 155351 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Vim vulnerabilities (USN-5147-1) | Nessus | Ubuntu Local Security Checks | high |
| 150673 | SUSE SLES11 Security Update : vim (SUSE-SU-2020:14385-1) | Nessus | SuSE Local Security Checks | medium |
| 147392 | NewStart CGSL MAIN 6.02 : vim Vulnerability (NS-SA-2021-0074) | Nessus | NewStart CGSL Local Security Checks | medium |
| 145865 | CentOS 8 : vim (CESA-2020:4453) | Nessus | CentOS Local Security Checks | medium |
| 144995 | Amazon Linux AMI : vim (ALAS-2021-1474) | Nessus | Amazon Linux Local Security Checks | medium |
| 144469 | Amazon Linux AMI : vim-common (ALAS-2020-1468) (deprecated) | Nessus | Amazon Linux Local Security Checks | medium |
| 142791 | Oracle Linux 8 : vim (ELSA-2020-4453) | Nessus | Oracle Linux Local Security Checks | medium |
| 142512 | EulerOS Virtualization 3.0.6.6 : vim (EulerOS-SA-2020-2455) | Nessus | Huawei Local Security Checks | medium |
| 142440 | RHEL 8 : vim (RHSA-2020:4453) | Nessus | Red Hat Local Security Checks | medium |
| 142335 | EulerOS 2.0 SP2 : vim (EulerOS-SA-2020-2404) | Nessus | Huawei Local Security Checks | medium |
| 141100 | macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004 | Nessus | MacOS X Local Security Checks | critical |
| 140949 | EulerOS Virtualization for ARM 64 3.0.6.0 : vim (EulerOS-SA-2020-2001) | Nessus | Huawei Local Security Checks | medium |
| 140901 | EulerOS 2.0 SP3 : vim (EulerOS-SA-2020-2134) | Nessus | Huawei Local Security Checks | medium |
| 140327 | EulerOS Virtualization for ARM 64 3.0.2.0 : vim (EulerOS-SA-2020-1957) | Nessus | Huawei Local Security Checks | medium |
| 140155 | EulerOS 2.0 SP5 : vim (EulerOS-SA-2020-1934) | Nessus | Huawei Local Security Checks | medium |
| 139990 | EulerOS 2.0 SP8 : vim (EulerOS-SA-2020-1887) | Nessus | Huawei Local Security Checks | medium |
| 138676 | openSUSE Security Update : vim (openSUSE-2020-794) | Nessus | SuSE Local Security Checks | medium |
| 137644 | Photon OS 1.0: Vim PHSA-2020-1.0-0300 | Nessus | PhotonOS Local Security Checks | medium |
| 137590 | SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2020:1551-1) | Nessus | SuSE Local Security Checks | medium |
| 137589 | SUSE SLES12 Security Update : vim (SUSE-SU-2020:1550-1) | Nessus | SuSE Local Security Checks | medium |
| 137202 | Photon OS 3.0: Vim PHSA-2020-3.0-0102 | Nessus | PhotonOS Local Security Checks | medium |
| 137196 | Photon OS 2.0: Vim PHSA-2020-2.0-0251 | Nessus | PhotonOS Local Security Checks | medium |