CVE-2024-45173

5 Sep 2024

Título es

CVE-2024-45173

Jue, 05/09/2024 – 15:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-45173

Descripción en

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.

05/09/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-027.txt

https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030

Enviar en el boletín

Off

CVE-2024-45173

CVE-2024-45173

Jose Alexis Correa Valencia