How severe is CVE-2019-19882?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-19882?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2019-19882

HIGH Year: 2019

CVSS v3 Score

7.8

High

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-732

View all →

Vulnerability Description

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

CVE-2007-5544

HIGH

CVSS:7.8(High)

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC,...

CWE-7322007

CVE-2008-0322

HIGH

CVSS:7.8(High)

The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. N...

CWE-7322008

CVE-2008-0662

HIGH

CVSS:7.8(High)

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control p...

CWE-7322008

CVE-2009-0115

HIGH

CVSS:7.8(High)

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating system...

CWE-7322009

CVE-2009-3289

HIGH

CVSS:7.8(High)

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demons...

CWE-7322009

CVE-2009-3482

HIGH

CVSS:7.8(High)

TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by rep...

CWE-7322009

CVE-2019-19882

Vulnerability Description

Related Vulnerabilities

CVE-2007-5544

CVE-2008-0322

CVE-2008-0662

CVE-2009-0115

CVE-2009-3289

CVE-2009-3482