
CVE-2019-15718

Published: 04/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.4 | Impact Score: 2.5 | Exploitability Score: 1.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings.

Vulnerable Product

systemd project systemd 240

fedoraproject fedora 29

fedoraproject fedora 30

fedoraproject fedora 31

redhat enterprise linux 8.0

redhat openshift container platform 4.1

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

redhat enterprise linux server update services for sap solutions 8.2

redhat enterprise linux server update services for sap solutions 8.4

redhat enterprise linux server update services for sap solutions 8.1

redhat enterprise linux for power little endian eus 8.2

redhat enterprise linux for ibm z systems eus 8.2

redhat enterprise linux for ibm z systems eus 8.1

redhat enterprise linux for power little endian eus 8.1

redhat enterprise linux for power little endian 8.0

redhat enterprise linux for ibm z systems eus 8.4

redhat enterprise linux for power little endian eus 8.4

redhat enterprise linux server for power little endian update services for sap solutions 8.1

redhat enterprise linux server for power little endian update services for sap solutions 8.2

redhat enterprise linux server for power little endian update services for sap solutions 8.4

redhat enterprise linux for ibm z systems eus s390x 8.1

redhat enterprise linux for ibm z systems eus s390x 8.2

redhat enterprise linux for ibm z systems 8 s390x

Vendor Advisories

Debian Bug report logs - #939353 systemd: CVE-2019-15718: Missing access controls on systemd-resolved's D-Bus interface Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 3 S ...
systemd-resolved would allow unprivileged users to change DNS settings ...
Synopsis Moderate: systemd security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Synopsis Important: OpenShift Container Platform 4.1.24 machine-os-content-container security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Pr ...
Synopsis Moderate: OpenShift Container Platform 4.6.1 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
Impact: Moderate Public Date: 2019-09-03 CWE: CWE-285 Bugzilla: 1746057: CVE-2019-15718 systemd: system ...
systemd-resolved before v234 does not properly enforce any access control to its dbus methods, allowing any unprivileged user to access its API. An attacker may use this flaw to configure the DNS, the Default Route or other properties of a network link. Those operations should be performed only by a high-privileged user ...