CVE-2019-18905

EPSS 0.11%
Published 03.04.2020 11:15:12
Last modified 21.11.2024 04:33:49
Source meissner@suse.de
Teams watchlist Login
Open Login

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Opensuse ≫ Autoyast2 Version <= 4.1.9-3.9.1

Suse ≫ Linux Enterprise Server Version12 Update-

Opensuse ≫ Autoyast2 Version <= 4.0.70-3.20.1

Suse ≫ Linux Enterprise Server Version15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.257

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
meissner@suse.de	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00050.html

https://bugzilla.suse.com/show_bug.cgi?id=1140711

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-18905

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18905

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18905

EUVD