CVE-2021-47799

Summary

Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges.

Affected Software

VendorProductVersion RangeStatus
Visual-ToolsVisual Tools DVR VX16Visual Tools VX16 4.2.28.0affected

Weaknesses

  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References