CVE-2020-7954 Information

Description

An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account it is possible to perform privilege escalation through the lack of correct configuration in the server’s sudoers file which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://medium.com/@ph0rensic
https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
