CVE-2020-10699

A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699 Issue Tracking Patch Third Party Advisory
https://github.com/open-iscsi/targetcli-fb/issues/162 Third Party Advisory
https://security.gentoo.org/glsa/202008-22 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.50:*:*:*:*:*:*:*
cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.51:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-15 14:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-10699

Mitre link : CVE-2020-10699

CVE.ORG link : CVE-2020-10699


JSON object : View

Products Affected

targetcli-fb_project

  • targetcli-fb
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource