netapp element-software-management-node CVE-2019-14287 vulnerability in NetApp and Other Products
Published on October 17, 2019

product logo product logo product logo product logo product logo product logo product logo
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-14287

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-14287 are published in these products:

NetApp Element Software Management Node
 
Sudoproject Sudo
 
Canonical Ubuntu Linux
 
Debian Linux
 
Fedora Project Fedora
 
OpenSuse Leap
 
Red Hat Openshift Container Platform
 
Red Hat Virtualization
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Eus
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Workstation
 

Exploit Probability

EPSS
85.81%
Percentile
99.36%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.