CVE-2020-10699

Published: Apr 15, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.

Affected (2)

Products: Targetcli Fb Project: Targetcli Fb

Targetcli Fb Project

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Targetcli Fb Project Targetcli Fb	Version 2.1.50
Targetcli Fb Project Targetcli Fb	Version 2.1.51

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/open-iscsi/targetcli-fb/issues/162

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/202008-22

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/open-iscsi/targetcli-fb/issues/162

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/202008-22

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.