CVE-2019-19585
First published: Mon Jan 06 2020(Updated: )
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | =3.9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-19585?
The severity of CVE-2019-19585 is high.
What is the affected software for CVE-2019-19585?
The affected software for CVE-2019-19585 is rConfig 3.9.3.
How can an attacker exploit CVE-2019-19585?
An attacker can exploit CVE-2019-19585 by bypassing local security restrictions using the high privileges granted to Apache after an rConfig specific Apache configuration update.
Are there any references available for CVE-2019-19585?
Yes, here are the references for CVE-2019-19585: [1] [2] [3].
What is the CWE ID for CVE-2019-19585?
The CWE ID for CVE-2019-19585 is 269.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.3