CVE-2020-14976

Published: Jun 23, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context.

Affected (1)

Products: Gns3: Ubridge

Gns3

1 product

Ubridge

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gns3 Ubridge	Up to 0.9.18

Running on/with	Platform Versions
Gns3 Gns3	Before 2.1.17

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (8)

https://github.com/GNS3/gns3-server/releases/tag/v2.1.17

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/GNS3/ubridge/commit/2eb0d1dab6a6de76cf3556130a2d52af101077db

Source: cve@mitre.org

PatchThird Party Advisory

https://theevilbit.github.io/posts/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.gns3.com/

Source: cve@mitre.org

Vendor Advisory

https://github.com/GNS3/gns3-server/releases/tag/v2.1.17

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/GNS3/ubridge/commit/2eb0d1dab6a6de76cf3556130a2d52af101077db

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://theevilbit.github.io/posts/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.gns3.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.