CVE-2023-40361

{"id": "CVE-2023-40361", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-10-20T06:15:17.297", "references": [{"url": "https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user."}, {"lang": "es", "value": "SECUDOS Qiata (DOMOS OS) 4.13 tiene Permisos Inseguros para el cronjob diario previewRm.sh. Para aprovechar esto, un atacante necesita acceso como usuario con pocos privilegios al sistema DOMOS subyacente. Cada usuario del sistema tiene permiso de escritura previewRm.sh, que es ejecutado por el usuario root."}], "lastModified": "2023-10-26T17:45:51.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:secudos:qiata:4.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DD9389A-DC88-441D-A523-BB3D01D90316"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}