5.5

CVE-2019-15876

EPSS 0.12%
Veröffentlicht 28.04.2020 20:15:12
Zuletzt bearbeitet 21.11.2024 04:29:39
Quelle secteam@freebsd.org
CVE-Watchlists
Login
Unerledigt
Login

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version11.3 Update-

Freebsd ≫ Freebsd Version11.3 Updatep1

Freebsd ≫ Freebsd Version11.3 Updatep2

Freebsd ≫ Freebsd Version11.3 Updatep3

Freebsd ≫ Freebsd Version11.3 Updatep4

Freebsd ≫ Freebsd Version11.3 Updatep5

Freebsd ≫ Freebsd Version11.3 Updatep6

Freebsd ≫ Freebsd Version12.1 Update-

Freebsd ≫ Freebsd Version12.1 Updatep1

Freebsd ≫ Freebsd Version12.1 Updatep2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.308

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-15876

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15876

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15876

EUVD