Описание
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVendor Advisory
- PatchThird Party AdvisoryVendor Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitIssue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVendor Advisory
- PatchThird Party AdvisoryVendor Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1 ...
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
EPSS
8.8 High
CVSS3
7.8 High
CVSS3
7.2 High
CVSS2