Skip to main content

Cpanel CVE-2019-14404

MEDIUM
2019-07-30 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 30, 2019 - 15:15 nvd
MEDIUM 5.5

DescriptionNVD

cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).

AnalysisAI

cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). Affected products include: Cpanel. Version information: before 78.0.18.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Cpanel

View all
CVE-2023-29489 MEDIUM POC
6.1 Apr 27

An issue was discovered in cPanel before 11.109.9999.116. Rated medium severity (CVSS 6.1), this vulnerability is remote

CVE-2018-16236 MEDIUM POC
6.1 Aug 30

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is

CVE-2020-26108 CRITICAL
9.8 Sep 25

cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). Rated critical severit

CVE-2020-26105 CRITICAL
9.8 Sep 25

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). Rated critical severit

CVE-2020-26101 CRITICAL
9.8 Sep 25

In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). Rated critical severit

CVE-2020-26100 CRITICAL
9.8 Sep 25

chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). Rated critical severity (CVSS 9.8), this vulnerability

CVE-2020-26098 CRITICAL
9.8 Sep 25

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). Rated critical severit

CVE-2020-10121 CRITICAL
9.8 Mar 17

cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). Rated critical s

CVE-2020-10119 CRITICAL
9.8 Mar 17

cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Rated c

CVE-2020-10118 CRITICAL
9.1 Mar 17

cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). Rated critical severity (C

CVE-2020-10117 CRITICAL
9.1 Mar 17

cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). Rated critical sever

CVE-2019-17375 HIGH
8.8 Oct 09

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).

Share

CVE-2019-14404 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy