[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-2363

Date: (C)2016-08-25   (M)2017-12-07 


Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.

CVSS Score: 7.2Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
VU#754056

CPE    3
cpe:/a:fonality:fonality:12.6
cpe:/a:fonality:fonality:12.8
cpe:/a:fonality:fonality:14.1i
CWE    1
CWE-264

© 2013 SecPod Technologies