exploitDog

CVE-2021-29005

Опубликовано: 11 окт. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.

Ссылки

http://rconfig.com
Vendor Advisory
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh
Exploit
Third Party Advisory
http://rconfig.com
Vendor Advisory
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rconfig:rconfig:3.9.6:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00054

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-rrwq-m4hx-jqg8

github

больше 3 лет назад

Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.

EPSS

Процентиль: 17%

0.00054

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-276