7.8

CVE-2020-15850

Exploit

EPSS 0.02%
Veröffentlicht 24.09.2020 21:15:15
Zuletzt bearbeitet 21.11.2024 05:06:18
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nakivo ≫ Backup & Replication Director Version9.4.0.r43656

Linux ≫ Linux Kernel Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.037

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes

Vendor Advisory

Release Notes

https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-15850

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15850

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15850

EUVD