CVE-2017-6516

Опубликовано: 14 мар. 2017

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Средний

Описание

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.

Ссылки

http://www.magnicomp.com/support/cve/CVE-2017-6516.shtml
Third Party Advisory
http://www.securityfocus.com/bid/96934
Third Party Advisory
VDB Entry
https://labs.mwrinfosecurity.com/advisories/magnicomps-sysinfo-root-setuid-local-privilege-escalation-vulnerability/
Third Party Advisory
https://labs.mwrinfosecurity.com/advisories/multiple-vulnerabilities-in-magnicomps-sysinfo-root-setuid/
Third Party Advisory
https://www.exploit-db.com/exploits/44150/
http://www.magnicomp.com/support/cve/CVE-2017-6516.shtml
Third Party Advisory
http://www.securityfocus.com/bid/96934
Third Party Advisory
VDB Entry
https://labs.mwrinfosecurity.com/advisories/magnicomps-sysinfo-root-setuid-local-privilege-escalation-vulnerability/
Third Party Advisory
https://labs.mwrinfosecurity.com/advisories/multiple-vulnerabilities-in-magnicomps-sysinfo-root-setuid/
Third Party Advisory
https://www.exploit-db.com/exploits/44150/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:magnicomp:sysinfo:*:*:*:*:*:*:*:*

Версия до 10-h62 (включая)

EPSS

Процентиль: 96%

0.21359

Средний

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-2pvq-xmrh-grxp