← Volver a CVEs
CVE-2020-7954
HIGH7.8
Descripcion
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado2/6/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
opservices:opmon
Debilidades (CWE)
CWE-306
Referencias
https://medium.com/%40ph0rensic(cve@mitre.org)
https://medium.com/%40ph0rensic(af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.