CVE-2018-20052 Information
Feb 14, 2021
cve
Description
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the 'sudo ln -s /tmp/script /etc/cron.hourly/script' command.
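One way to audit a sudoers policy for the condition described above, as an added example that is not part of the advisory or of the vendor's code. The account names, the sample policy and the list of utilities other than `ln` are assumptions made for illustration.

```python
import re

# Assumption: utilities that can create or overwrite a file at a path the
# caller chooses when run as root. Only `ln` is named in the description;
# the others are illustrative and should be tuned per system.
FILE_WRITERS = {"ln", "cp", "mv", "tee", "install", "dd"}

# Constructed sample policy; not the actual CCE sudoers file.
SAMPLE = """\
# constructed example
Defaults env_reset
cce ALL=(root) NOPASSWD: /bin/ln, /usr/bin/uptime, \\
    PASSWD: /bin/cp
ops ALL=(ALL) /bin/ln
admin ALL=(ALL) NOPASSWD: ALL
"""

# principal  host = (runas) command-list
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
TAG = re.compile(r"^((?:NO)?PASSWD)\s*:\s*(.*)$")
SKIP = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")

def audit_sudoers(text):
    """Return (principal, command) pairs that run without a password and
    can place files at arbitrary paths (or are the catch-all ALL)."""
    findings = []
    joined = re.sub(r"\\\n", " ", text)            # join continuation lines
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        if not line or line.startswith(SKIP):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, cmds = m.groups()
        nopasswd = False                           # a tag persists until overridden
        for cmd in (c.strip() for c in cmds.split(",")):
            t = TAG.match(cmd)
            if t:
                nopasswd = t.group(1) == "NOPASSWD"
                cmd = t.group(2)
            binary = cmd.split()[0] if cmd else ""
            name = binary.rsplit("/", 1)[-1]
            if nopasswd and (binary == "ALL" or name in FILE_WRITERS):
                findings.append((who, cmd))
    return findings
```

Each finding is a rule to remove or to replace with a fixed-argument wrapper, so that an unprivileged account cannot choose the paths a root-run utility writes to.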
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.securifera.com/advisories/cve-2018-20052-20053/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Base Severity
HIGH