Vulnerability CVE-2020-7954


Published: 2020-02-06

Description:
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.

Type: CWE-269 (Improper Privilege Management)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: Opservices -> Opmon

References:
https://medium.com/@ph0rensic
https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5

Copyright 2024, cxsecurity.com

 
