CVE-2020-15850

Published: Sep 24, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.

Affected (1)

Products: Nakivo: Backup & Replication Director

1 product

Backup & Replication Director

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nakivo Backup & Replication Director	Version 9.4.0.r43656

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes

Source: cve@mitre.org

Release NotesVendor Advisory

https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities

Source: cve@mitre.org

ExploitThird Party Advisory

https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.