An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.
References
Configurations
No configuration.
History
21 Nov 2024, 09:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
05 Sep 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
05 Sep 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-05 15:15
Updated : 2024-11-21 09:37
NVD link : CVE-2024-45173
Mitre link : CVE-2024-45173
CVE.ORG link : CVE-2024-45173
JSON object : View
Products Affected
No product.
CWE
CWE-269
Improper Privilege Management