VDB
CVE-2019-14553
CVE-2019-14553
PUBLISHED
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
EPSS 0.11% · 29.5th percentile
Risk Scores
EPSS Score
0.11%
29.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | edk2 | *, 0~20180205.c0d9813c-2, 0~20180205.c0d9813c-2ubuntu0.1 |
| Ubuntu:Pro:16.04:LTS | edk2 | 0~20150106.5c2d456b-2, 0~20160104.c2a892d7-1, 0~20160408.ffea0a2c-2 |
Exploit Intelligence
- curl successfully matches IP address literal in URL against IP address literal in certificate Common Name (hackerone)
- curl successfully matches IP address literal in URL against IP address literal in certificate Common Name (hackerone)
- curl successfully matches IP address literal in URL against IP address literal in certificate Common Name (hackerone)
Timeline
- CVE Published
- Jan 8, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-14553 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-14553 third-party-advisory