Lucene search

K
cve[email protected]CVE-2022-24949
HistoryAug 16, 2022 - 1:15 a.m.

CVE-2022-24949

2022-08-1601:15:07
CWE-120
CWE-362
web.nvd.nist.gov
35
8
cve-2022-24949
eternal terminal
privilege escalation
root
nvd
vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.6%

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().

Affected configurations

NVD
Node
eternal_terminal_projecteternal_terminalRange<6.2.0

CNA Affected

[
  {
    "product": "Eternal Terminal",
    "vendor": "Jason Gauci",
    "versions": [
      {
        "lessThan": "6.2.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.6%

Related for CVE-2022-24949