Vulnerability Details : CVE-2020-7954
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.
Vulnerability category: Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2020-7954
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 %
CVSS scores for CVE-2020-7954
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
CWE ids for CVE-2020-7954
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-7954
- https://medium.com/@ph0rensic
  Walleson Moura {phor3nsic} – Medium (Third Party Advisory)
- https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5
  Three CVEs on Opmon - Walleson Moura {phor3nsic} - Medium (Third Party Advisory)
Products affected by CVE-2020-7954
- cpe:2.3:a:opservices:opmon:9.3.2:*:*:*:*:*:*:*