AttackerKB AKB:4EFB7983-D467-4269-B8DE-5AA419E4770D
Apr 14, 2021 - 12:00 a.m.

CVE-2021-29449

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.

Recent assessments:

h00die at May 31, 2021 11:59am UTC reported:

There are 3 vulnerabilities associated with this CVE, all are priv esc. All three use the same simple trick to execute while being sent to sed from the command line. www-data by default is listed in the sudoers file to run pihole.

removestaticdhcp command requires /etc/dnsmasq.d/04-pihole-static-dhcp.conf, and is exploitable from 3.0-5.2.4.

removecustomdns command requires /etc/pihole/custom.list, and is exploitable from 5.1-5.2.4.

removecustomcname command requires /etc/dnsmasq.d/05-pihole-custom-cname.conf, and is exploitable from 5.0-5.2.4.

Assessed Attacker Value: 3
Assessed Attacker Value: 4
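
A defender-side exposure check built from the version ranges and file prerequisites in the assessment above. This is an added example, not part of the AttackerKB entry or of Pi-hole's code. The function names and the ROOT argument are hypothetical, and the sudoers check assumes the www-data entry sits in /etc/sudoers or /etc/sudoers.d.

```shell
#!/bin/sh
# Added example: exposure check for the three commands named in the assessment.
# Function names and the ROOT argument are hypothetical, chosen for this sketch.

# ver_key V: map "v5.2.4" or "5.1" to an integer so versions compare numerically.
ver_key() {
    v=${1#v}
    old_ifs=$IFS; IFS=.
    set -- $v            # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# in_range V LOW HIGH: succeed when LOW <= V <= HIGH.
in_range() {
    k=$(ver_key "$1")
    [ "$k" -ge "$(ver_key "$2")" ] && [ "$k" -le "$(ver_key "$3")" ]
}

# pihole_exposure VERSION [ROOT]: print each affected command whose version
# range covers VERSION and whose prerequisite file exists under ROOT.
pihole_exposure() {
    ver=${1#v}; root=${2:-}
    case $ver in
        ''|*[!0-9.]*) echo "unparseable version: $1" >&2; return 2 ;;
    esac
    # Columns: command, first affected version, required file (from the assessment).
    while read -r cmd low file; do
        if in_range "$ver" "$low" 5.2.4 && [ -f "$root$file" ]; then
            echo "$cmd"
        fi
    done <<EOF
removestaticdhcp 3.0 /etc/dnsmasq.d/04-pihole-static-dhcp.conf
removecustomdns 5.1 /etc/pihole/custom.list
removecustomcname 5.0 /etc/dnsmasq.d/05-pihole-custom-cname.conf
EOF
}

# www_data_sudo_pihole [ROOT]: succeed when a sudoers entry lets www-data run
# pihole. Assumes the entry is in /etc/sudoers or /etc/sudoers.d (root to read).
www_data_sudo_pihole() {
    grep -rEqs '^www-data[[:space:]].*pihole' \
        "${1:-}/etc/sudoers" "${1:-}/etc/sudoers.d"
}
```

Source the file and call `pihole_exposure` with the installed Pi-hole core version. Any command it prints, together with a successful `www_data_sudo_pihole`, marks a host to prioritise for upgrade past 5.2.4.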
