Lucene search

MitreCVE-2021-44954

HistoryJul 18, 2022 - 12:15 a.m.

CVE-2021-44954

2022-07-1800:15:08

mitre

web.nvd.nist.gov

cve-2021-44954

qvis nvr

dvr

sudo misconfiguration

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration.

Affected configurations

Nvd

Node

qvisdvr_firmwareRange<2021-12-13

AND

qvisdvrMatch-

Node

qvisnvr_firmwareRange<2021-12-13

AND

qvisnvrMatch-

VendorProductVersionCPE
qvisdvr_firmware*cpe:2.3:o:qvis:dvr_firmware:*:*:*:*:*:*:*:*
qvisdvr-cpe:2.3:h:qvis:dvr:-:*:*:*:*:*:*:*
qvisnvr_firmware*cpe:2.3:o:qvis:nvr_firmware:*:*:*:*:*:*:*:*
qvisnvr-cpe:2.3:h:qvis:nvr:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qvis	dvr_firmware	*	cpe:2.3:o:qvis:dvr_firmware::::::::
qvis	dvr	-	cpe:2.3:h:qvis:dvr:-:::::::*
qvis	nvr_firmware	*	cpe:2.3:o:qvis:nvr_firmware::::::::
qvis	nvr	-	cpe:2.3:h:qvis:nvr:-:::::::*

References

gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/a670418d51051d4e6513d86e84e8d5b8

twitter.com/Me9187/status/1414906288287404039

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

Related for CVE-2021-44954