CVE-2019-15846 is missing

Hi everybody,

today i was informed about the CVE-2019-15846 (https://nvd.nist.gov/vuln/detail/CVE-2019-15846). In my department we have to look at this and check if it is existing at one of our machines. I wanted to check these machines with the GSM (150V/CENO) but i didn’t find the CVE in the database.
Therefore i updated the feeds but nothing still happened. All i found was the associated CB-K19-0777 (https://www.cert-bund.de/advisoryshort/CB-K19-0777).

So please could you let me know if the CVE is coming soon?

Thanks!

A version based check should be available in the feed since Friday evening:

Name: Exim < 4.92.2 RCE Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.142854

Additional authentication based checks (Local Security Checks/LSC) for Debian are available as of today (the SecInfo Portal is lacking behind a day and the links might not work currently):

Name: Debian Security Advisory DSA 4517-1 (exim4 - security update)
OID: https://secinfo.greenbone.net/nvt/1.3.6.1.4.1.25623.1.0.704517

Name: Debian LTS Advisory ([SECURITY] [DLA 1911-1] exim4 security update)
OID: https://secinfo.greenbone.net/nvt/1.3.6.1.4.1.25623.1.0.891911

Coverage for additional Linux Distributions (e.g. RHEL, Ubuntu, Fedora, …) will follow in the next few days based on the availability of vendor advisories.

1 Like