History: May 08, 2013 - 12:09 p.m.

CVE-2013-3500

2013-05-08 12:09:33
CWE-264
mitre
web.nvd.nist.gov
cve-2013-3500
groundwork monitor enterprise
privilege escalation
webapp
admin interface
security vulnerability

CVSS2: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 6.7
Confidence: Low

EPSS: 0.003
Percentile: 68.0%

The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script.

Affected configurations

Nvd
Node: gwos groundwork_monitor, Match: 6.7.0-enterprise

Vendor: gwos
Product: groundwork_monitor
Version: 6.7.0
CPE: cpe:2.3:a:gwos:groundwork_monitor:6.7.0:-:enterprise:*:*:*:*:*
