8.8

CVE-2024-45173

Exploit

EPSS 0.3%
Veröffentlicht 05.09.2024 15:15:16
Zuletzt bearbeitet 04.09.2025 16:32:09
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

C-mor ≫ C-mor Video Surveillance Version5.2401

C-mor ≫ C-mor Video Surveillance Version6.00 Updatepatch_level_01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.528

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030

Vendor Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-027.txt

Vendor Advisory

Exploit

http://seclists.org/fulldisclosure/2024/Sep/20

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-45173

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45173

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45173

EUVD