CVE-2022-50927
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted sudo permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Vertiv | Cyclades Serial Console Server | 1.0.0 - 3.3.0 | affected |
Weaknesses
- CWE-266: Incorrect Privilege Assignment
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/50773
- https://www.vertiv.com/en-us/
- https://www.vulncheck.com/advisories/cyclades-serial-console-server-local-privilege-escalation
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.