Libpcap
CVE-2019-15162
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
AnalysisAI
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-345. rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. Affected products include: Tcpdump Libpcap. Version information: before 1.9.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daem
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. Rated med
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. Rated medium seve
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. Rated medium se
Remote packet capture support is disabled by default in libpcap. Rated medium severity (CVSS 4.4), this vulnerability is
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today