CVE-2019-3475
Local privilege escalation in Filr famtd
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Una vulnerabilidad de escalado de privilegios local en el componente famtd de Micro Focus Filr 3.0 permite que un atacante local autenticado como usuario con bajos privilegios escale a root. Esta vulnerabilidad afecta a todas las versiones 3.x de Filr anteriores al Security Update 6.
Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities.
*Credits:
This vulnerability was discovered and researched by Matias Choren from SecureAuth.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-31 CVE Reserved
- 2019-02-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-269: Improper Privilege Management
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://download.novell.com/Download?buildid=nZUCSDkvpxk~ | X_refsource_misc | |
| https://support.microfocus.com/kb/doc.php?id=7023727 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46450 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | - |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_1 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_2 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_3 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_4 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|
| Microfocus Search vendor "Microfocus" | Filr Search vendor "Microfocus" for product "Filr" | 3.0 Search vendor "Microfocus" for product "Filr" and version "3.0" | update_5 |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Safe
|