lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well.
Published 2021-06-09 22:15:09
Updated 2022-07-12 17:42:04
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-33393

94.35%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-33393

  • IPFire 2.25 Core Update 156 and Prior pakfire.cgi Authenticated RCE
    Disclosure Date: 2021-05-17
    First seen: 2021-06-15
    exploit/linux/http/ipfire_pakfire_exec
    This module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.

CVSS scores for CVE-2021-33393

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.0
HIGH AV:N/AC:L/Au:S/C:C/I:C/A:C
8.0
10.0
NIST
8.8
HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.8
5.9
NIST

References for CVE-2021-33393

Products affected by CVE-2021-33393

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!