CVE-2020-27985

Опубликовано: 23 нояб. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup.

Ссылки

https://github.com/Security-Onion-Solutions/securityonion/commit/b14670030349a2747a00ace665568ab5f51ac47b
Patch
Third Party Advisory
https://github.com/Security-Onion-Solutions/securityonion/releases
Release Notes
Third Party Advisory
https://s1gh.sh/cve-2020-27985-security-onion-local-privilege-escalation/
Exploit
Patch
Third Party Advisory
https://github.com/Security-Onion-Solutions/securityonion/commit/b14670030349a2747a00ace665568ab5f51ac47b
Patch
Third Party Advisory
https://github.com/Security-Onion-Solutions/securityonion/releases
Release Notes
Third Party Advisory
https://s1gh.sh/cve-2020-27985-security-onion-local-privilege-escalation/
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:securityonionsolutions:security_onion:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.3.10 (исключая)

EPSS

Процентиль: 18%

0.00057

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-306