Description
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
Versions before 201812 (exclusive)
In combination
cpe:2.3:o:cerner:connectivity_engine_4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cerner:connectivity_engine_4:-:*:*:*:*:*:*:*
EPSS: 0.00049 (percentile: 15%, Low)
CVSS3: 7.8 High
CVSS2: 7.2 High
Weaknesses
CWE-1188
Related vulnerabilities
CVSS3: 7.8
github
more than 3 years ago
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command.