CVE-2019-14902
Vexday Risk Score
13 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4 · EPSS 1.5% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
21 Jan 2020: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is an issue in all Samba 4.11.x versions before 4.11.5, all Samba 4.10.x versions before 4.10.12 and all Samba 4.9.x versions before 4.9.18, where a removed right to create or modify a subtree would not automatically be taken away on all domain controllers.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
[UNKNOWN] · samba
References
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20200122-0001/
https://usn.ubuntu.com/4244-1/
https://www.samba.org/samba/security/CVE-2019-14902.html
https://www.synology.com/security/advisory/Synology_SA_20_01