exploitDog

CVE-2020-14162

Опубликовано: 30 июл. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command.

Ссылки

https://0xpanic.github.io/2020/07/21/Pihole.html
Exploit
Third Party Advisory
https://docs.pi-hole.net/core/pihole-command/
Vendor Advisory
https://0xpanic.github.io/2020/07/21/Pihole.html
Exploit
Third Party Advisory
https://docs.pi-hole.net/core/pihole-command/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:*

Версия до 5.1 (исключая)

EPSS

Процентиль: 30%

0.00115

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-x839-xh4j-fgrf

github

больше 3 лет назад

An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command.

EPSS

Процентиль: 30%

0.00115

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78