CVE-2020-15397 : HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileg

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).

Published 2020-06-30 12:15:13

Updated 2022-07-12 17:42:04

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2020-15397

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 45 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-15397

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-15397

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-15397

https://security.gentoo.org/glsa/202007-06

HylaFAX: Multiple vulnerabilities (GLSA 202007-06) — Gentoo security

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00046.html

[security-announce] openSUSE-SU-2020:1231-1: moderate: Security update f

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00040.html

[security-announce] openSUSE-SU-2020:1210-1: moderate: Security update f

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00054.html

[security-announce] openSUSE-SU-2020:1438-1: moderate: Security update f

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J52QFVREJWJ35YSEEDDRMZQ2LM2H2WE6/

[SECURITY] Fedora 32 Update: hylafax+-7.0.3-1.fc32 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
https://bugzilla.suse.com/show_bug.cgi?id=1173519

Bug 1173519 – VUL-0: CVE-2020-15397: hylafax+: Sourcing of files into binaries from user writeable directories
Exploit;Issue Tracking;Third Party Advisory
https://sourceforge.net/p/hylafax/HylaFAX+/2534/

HylaFAX / HylaFAX+ Code Repository / Commit [r2534]
Patch;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y46FOVJUS5SO44A2VEKR7DXEHTI4WK5L/

[SECURITY] Fedora 31 Update: hylafax+-7.0.3-1.fc31 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00039.html

[security-announce] openSUSE-SU-2020:1209-1: moderate: Security update f

CVEs referencing this url

Products affected by CVE-2020-15397

Ifax » Hylafax Enterprise » Version: N/A
cpe:2.3:a:ifax:hylafax_enterprise:-:*:*:*:*:*:*:*
Matching versions
Hylafax+ Project » Hylafax+
Versions up to, including, (<=) 7.0.2
cpe:2.3:a:hylafax\+_project:hylafax\+:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-15397

Exploit prediction scoring system (EPSS) score for CVE-2020-15397

CVSS scores for CVE-2020-15397

CWE ids for CVE-2020-15397

References for CVE-2020-15397

Products affected by CVE-2020-15397