← Back to CVEs
CVE-2021-29005
HIGH8.8
Description
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published10/11/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
rconfig:rconfig
Weaknesses (CWE)
CWE-276
References
http://rconfig.com(cve@mitre.org)
http://rconfig.com(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.