CVE-2020-28046

Published: Nov 2, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch.

Affected (1)

Products: Pax: Prolinos

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pax Prolinos	Up to 2.4.161.8859r

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://git.lsd.cat/g/pax-pwn

Source: cve@mitre.org

ExploitThird Party Advisory

https://git.lsd.cat/g/pax-pwn

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.