ByteOS Network

Vulnerability Details :

CVE-2019-12735

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-05 Jun, 2019 | 13:07

Updated At-04 Aug, 2024 | 23:32

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:05 Jun, 2019 | 13:07

Updated At:04 Aug, 2024 | 23:32

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md	x_refsource_MISC
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040	x_refsource_MISC
https://github.com/neovim/neovim/pull/10082	x_refsource_MISC
https://bugs.debian.org/930020	x_refsource_MISC
https://bugs.debian.org/930024	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/	vendor-advisory x_refsource_FEDORA
https://usn.ubuntu.com/4016-1/	vendor-advisory x_refsource_UBUNTU
https://usn.ubuntu.com/4016-2/	vendor-advisory x_refsource_UBUNTU
http://www.securityfocus.com/bid/108724	vdb-entry x_refsource_BID
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/	vendor-advisory x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html	vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html	vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html	vendor-advisory x_refsource_SUSE
https://www.debian.org/security/2019/dsa-4467	vendor-advisory x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Jun/33	mailing-list x_refsource_BUGTRAQ
https://support.f5.com/csp/article/K93144355	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:1619	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1774	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1793	vendor-advisory x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html	vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html	vendor-advisory x_refsource_SUSE
https://www.debian.org/security/2019/dsa-4487	vendor-advisory x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Jul/39	mailing-list x_refsource_BUGTRAQ
https://access.redhat.com/errata/RHSA-2019:1947	vendor-advisory x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html	mailing-list x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html	vendor-advisory x_refsource_SUSE
https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM
https://security.gentoo.org/glsa/202003-04	vendor-advisory x_refsource_GENTOO

Hyperlink: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

Resource:

x_refsource_MISC

Hyperlink: https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040

Resource:

x_refsource_MISC

Hyperlink: https://github.com/neovim/neovim/pull/10082

Resource:

x_refsource_MISC

Hyperlink: https://bugs.debian.org/930020

Resource:

x_refsource_MISC

Hyperlink: https://bugs.debian.org/930024

Resource:

x_refsource_MISC

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://usn.ubuntu.com/4016-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://usn.ubuntu.com/4016-2/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.securityfocus.com/bid/108724

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: https://www.debian.org/security/2019/dsa-4467

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://seclists.org/bugtraq/2019/Jun/33

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: https://support.f5.com/csp/article/K93144355

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1619

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1774

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1793

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: https://www.debian.org/security/2019/dsa-4487

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://seclists.org/bugtraq/2019/Jul/39

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1947

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS

Resource:

x_refsource_CONFIRM

Hyperlink: https://security.gentoo.org/glsa/202003-04

Resource:

vendor-advisory

x_refsource_GENTOO

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md	x_refsource_MISC x_transferred
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040	x_refsource_MISC x_transferred
https://github.com/neovim/neovim/pull/10082	x_refsource_MISC x_transferred
https://bugs.debian.org/930020	x_refsource_MISC x_transferred
https://bugs.debian.org/930024	x_refsource_MISC x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/	vendor-advisory x_refsource_FEDORA x_transferred
https://usn.ubuntu.com/4016-1/	vendor-advisory x_refsource_UBUNTU x_transferred
https://usn.ubuntu.com/4016-2/	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.securityfocus.com/bid/108724	vdb-entry x_refsource_BID x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/	vendor-advisory x_refsource_FEDORA x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html	vendor-advisory x_refsource_SUSE x_transferred
https://www.debian.org/security/2019/dsa-4467	vendor-advisory x_refsource_DEBIAN x_transferred
https://seclists.org/bugtraq/2019/Jun/33	mailing-list x_refsource_BUGTRAQ x_transferred
https://support.f5.com/csp/article/K93144355	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2019:1619	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2019:1774	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2019:1793	vendor-advisory x_refsource_REDHAT x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html	vendor-advisory x_refsource_SUSE x_transferred
https://www.debian.org/security/2019/dsa-4487	vendor-advisory x_refsource_DEBIAN x_transferred
https://seclists.org/bugtraq/2019/Jul/39	mailing-list x_refsource_BUGTRAQ x_transferred
https://access.redhat.com/errata/RHSA-2019:1947	vendor-advisory x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html	mailing-list x_refsource_MLIST x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html	vendor-advisory x_refsource_SUSE x_transferred
https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM x_transferred
https://security.gentoo.org/glsa/202003-04	vendor-advisory x_refsource_GENTOO x_transferred

Hyperlink: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/neovim/neovim/pull/10082

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://bugs.debian.org/930020

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://bugs.debian.org/930024

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://usn.ubuntu.com/4016-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: https://usn.ubuntu.com/4016-2/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.securityfocus.com/bid/108724

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: https://www.debian.org/security/2019/dsa-4467

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://seclists.org/bugtraq/2019/Jun/33

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: https://support.f5.com/csp/article/K93144355

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1619

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1774

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1793

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: https://www.debian.org/security/2019/dsa-4487

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://seclists.org/bugtraq/2019/Jul/39

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1947

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://security.gentoo.org/glsa/202003-04

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:05 Jun, 2019 | 14:29

Updated At:07 Nov, 2023 | 03:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.6	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 9.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Vim

>>vim>>Versions before 8.1.1365(exclusive)

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

neovim>>neovim>>Versions before 0.3.6(exclusive)

cpe:2.3:a:neovim:neovim:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-78	Primary	nvd@nist.gov

CWE ID: CWE-78

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html	cve@mitre.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html	cve@mitre.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html	cve@mitre.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html	cve@mitre.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html	cve@mitre.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html	cve@mitre.org	N/A
http://www.securityfocus.com/bid/108724	cve@mitre.org	N/A
https://access.redhat.com/errata/RHSA-2019:1619	cve@mitre.org	N/A
https://access.redhat.com/errata/RHSA-2019:1774	cve@mitre.org	N/A
https://access.redhat.com/errata/RHSA-2019:1793	cve@mitre.org	N/A
https://access.redhat.com/errata/RHSA-2019:1947	cve@mitre.org	N/A
https://bugs.debian.org/930020	cve@mitre.org	Mailing List Third Party Advisory
https://bugs.debian.org/930024	cve@mitre.org	Mailing List Third Party Advisory
https://github.com/neovim/neovim/pull/10082	cve@mitre.org	Patch Third Party Advisory
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md	cve@mitre.org	Exploit Patch Third Party Advisory
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040	cve@mitre.org	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/	cve@mitre.org	N/A
https://seclists.org/bugtraq/2019/Jul/39	cve@mitre.org	N/A
https://seclists.org/bugtraq/2019/Jun/33	cve@mitre.org	N/A
https://security.gentoo.org/glsa/202003-04	cve@mitre.org	N/A
https://support.f5.com/csp/article/K93144355	cve@mitre.org	N/A
https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS	cve@mitre.org	N/A
https://usn.ubuntu.com/4016-1/	cve@mitre.org	N/A
https://usn.ubuntu.com/4016-2/	cve@mitre.org	N/A
https://www.debian.org/security/2019/dsa-4467	cve@mitre.org	N/A
https://www.debian.org/security/2019/dsa-4487	cve@mitre.org	N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/108724

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1619

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1774

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1793

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://access.redhat.com/errata/RHSA-2019:1947

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://bugs.debian.org/930020

Source: cve@mitre.org

Resource:

Mailing List

Third Party Advisory

Hyperlink: https://bugs.debian.org/930024

Source: cve@mitre.org

Resource:

Mailing List

Third Party Advisory

Hyperlink: https://github.com/neovim/neovim/pull/10082

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Hyperlink: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

Source: cve@mitre.org

Resource:

Exploit

Patch

Third Party Advisory

Hyperlink: https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://seclists.org/bugtraq/2019/Jul/39

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://seclists.org/bugtraq/2019/Jun/33

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://security.gentoo.org/glsa/202003-04

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://support.f5.com/csp/article/K93144355

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://usn.ubuntu.com/4016-1/

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://usn.ubuntu.com/4016-2/

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.debian.org/security/2019/dsa-4467

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.debian.org/security/2019/dsa-4487

Source: cve@mitre.org

Resource: N/A

Similar CVEs

103Records found

CVE-2021-1594

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-7.5||HIGH

EPSS-0.16% / 36.90%

7 Day CHG~0.00%

Published-06 Oct, 2021 | 19:46

Updated-07 Nov, 2024 | 21:47

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes.

Vendor-Cisco Systems, Inc.

Product-identity_services_engine Cisco Identity Services Engine Software

CWE ID-CWE-266

Incorrect Privilege Assignment

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-5760

Matching Score-4

Assigner-Tenable Network Security, Inc.

View Details

Matching Score-4

Assigner-Tenable Network Security, Inc.

CVSS Score-7.8||HIGH

EPSS-3.94% / 87.87%

7 Day CHG~0.00%

Published-29 Jul, 2020 | 18:51

Updated-04 Aug, 2024 | 08:39

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.

Vendor-grandstream n/a

Product-ht812_firmware ht813 ht802 ht813_firmware ht802_firmware ht801 ht818 ht814 ht818_firmware ht801_firmware ht814_firmware ht812 Grandstream HT800 Series

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2015-5958

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-40.68% / 97.27%

7 Day CHG~0.00%

Published-31 Aug, 2017 | 22:00

Updated-20 Apr, 2025 | 01:37

phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.

Vendor-phpfilemanager_project n/a

Product-phpfilemanager n/a

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-12735

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs