Dashboard Toolbox - VM DASHBOARD BETA: Security Notification for Sudo Vulnerability (CVE-2019-14287) v2.0

Document created by DMFezzaReed Employee on Oct 15, 2019Last modified by DMFezzaReed Employee on Nov 7, 2019
Version 6Show Document
  • View in full screen mode

Attached JSON file updated Nov 07, 2019. by DMFezzaReed

This page contains information to create a CVE-2019-14287 QID VM Dashboard leveraging data in your Qualys Vulnerability Management subscription. 








As of this posting, the following QIDs are associated with this vulnerability:





Updated As of 10/28/2019 (v2.0), three additonal QIDs have been added: 







Should any additional QIDs be added for CVE-2019-14287, please refer to "How to Update this Dashboard" section below.








Note: More QIDs to follow as vendor confirm and release updates for their distros




This dashboard is part of the New VM Dashboard Beta program is not intended for production use, and subject to modification without notice.  If you have any questions regarding the content, please comment below or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc.




Related Post: TBA






The widgets in this dashboard are based on the following base query:










CVE-2019-14287 QIDs:

vulnerabilities.vulnerability:(qid:172628 OR qid:177379 OR qid:197665 OR qid:351703 OR qid:351709)

v2.0 Three Additional QIDs added:

vulnerabilities.vulnerability:(qid:172628 OR qid:172664 OR qid:172668 OR qid:177379 OR qid:197665 OR qid:351703 OR qid:351709 OR qid:372173)






VULNERABILITY: These QIDs provide supporting details related to the QIDs above:




Unix Authentication Method: vulnerabilities.vulnerability.qid:38307

Unix Authentication Not Attempted: vulnerabilities.vulnerability.qid:105297

Unix Authentication Failed: vulnerabilities.vulnerability.qid:105053

Unix Authentication Timeout Occurred: vulnerabilities.vulnerability.qid:115263

Paired each of the above with the operatingSystem tokens below to narrow results:

operatingSystem:amazon linux

v2.0 OS Added:
operatingSystem:red hat














Consider the possibilities for this dashboard.  It could be updated to report by status (vulnerabilities.status: [NEW,ACTIVE,REOPENED,FIXED]), or patchable vs. configuration (vulnerabilities.vulnerability.patchAvailable: TRUE/FALSE).  For examples of widgets using these tokens, please visit Dashboard Toolbox - Top 10 Vulnerabilities Scorecard BETA.





IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection




When you export dashboard(s) and/or widget(s) that have "Enable historical data collection" turned on, and then import them later, you will have to manually "Enable historical data collection" following your import.  This is by design.  The action of turning on this feature starts the clock for data retention.











Demonstration Image(s)












How to Update this Dashboard




In the event additional QIDs are added to CVE-2019-14287, below are images on which widget(s):




  1. Require NO Updates
  2. Need to be Added and Configured
  3. Require Vulnerability query modification






































If you have any questions, please post them below, contact your TAM, or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc..










Back to Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA [CLOSED] 


Back to Dashboards and Reporting Resources - Start Here