CVE-2019-3688
PUBLISHED
CVSS 5.1 MEDIUM
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 up to and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 up to and including 3.5.21-26.17.1 had squid:root ownership and 0750 permissions. This allowed an attacker who had compromised the squid user to gain persistence by changing the binary.
EPSS 0.06% · 18.1th percentile
Risk Scores
CVSS 3.1
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score
0.06%
18.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux Enterprise Server 12 | squid |
| SUSE | SUSE Linux Enterprise Server 15 | squid |
| suse | suse_linux_enterprise_server | 12, 12, 15 |
Exploit Intelligence
- https://bugzilla.suse.com/show_bug.cgi?id=1093414 (circl)
- openSUSE-SU-2019:2540 (circl)
- openSUSE-SU-2019:2541 (circl)
- openSUSE-SU-2019:2672 (circl)
Timeline
- Oct 7, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://bugzilla.suse.com/show_bug.cgi?id=1093414 url
- openSUSE-SU-2019:2540 vendor-advisory
- openSUSE-SU-2019:2541 vendor-advisory
- openSUSE-SU-2019:2672 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-3688 advisory