CVE-2024-45173

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-027.txt
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030
http://seclists.org/fulldisclosure/2024/Sep/20

Configurations

No configuration.

History

21 Nov 2024, 09:37

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Sep/20 -

05 Sep 2024, 18:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-05 15:15

Updated : 2024-11-21 09:37

NVD link : CVE-2024-45173

Mitre link : CVE-2024-45173

CVE.ORG link : CVE-2024-45173

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2024-45173", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-09-05T15:15:16.680", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-027.txt", "source": "cve@mitre.org"}, {"url": "https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/20", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en za-internet C-MOR Video Surveillance 5.2401. Debido a una gesti\u00f3n de privilegios inadecuada en relaci\u00f3n con los privilegios de sudo, C-MOR es vulnerable a un ataque de escalada de privilegios. El usuario de Linux www-data que ejecuta la interfaz web de C-MOR puede ejecutar algunos comandos del sistema operativo como superusuario a trav\u00e9s de Sudo sin tener que ingresar la contrase\u00f1a de superusuario. Estos comandos, por ejemplo, incluyen cp, chown y chmod, que permiten a un atacante modificar el archivo sudoers del sistema para ejecutar todos los comandos con privilegios de superusuario. Por lo tanto, es posible escalar los privilegios limitados del usuario www-data a privilegios de superusuario."}], "lastModified": "2024-11-21T09:37:24.467", "sourceIdentifier": "cve@mitre.org"}