History: Jul 05, 2023 - 8:15 p.m.

CVE-2023-36624

2023-07-05 20:15:10
CWE-862
mitre
web.nvd.nist.gov
cve-2023-36624
loxone miniserver
gen.2
privilege escalation
sudo configuration

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8
Confidence: High

EPSS: 0
Percentile: 5.1%

Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.

Affected configurations

Nvd

Node
loxone miniserver_go_gen_2_firmware Range 14.0.3.28
AND
loxone miniserver_go_gen_2 Match -

Vendor | Product | Version | CPE
loxone | miniserver_go_gen_2_firmware | * | cpe:2.3:o:loxone:miniserver_go_gen_2_firmware:*:*:*:*:*:*:*:*
loxone | miniserver_go_gen_2 | - | cpe:2.3:h:loxone:miniserver_go_gen_2:-:*:*:*:*:*:*:*
