Vulnerability CVE-2021-29005
Published: 2021-10-11
Description:
An insecure permission on the chmod command exists in rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server.
Type:
CWE-276 (Incorrect Default Permissions)
CVSS2: AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete
References:
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh
http://rconfig.com
Copyright 2024, cxsecurity.com