CVE-2023-50260

🗓️ 19 Apr 2024 14:28:20Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 59 Views🌐 WEB

Wazuh active response feature allows arbitrary command execution via host_deny script, leading to LPE on server and RCE on agent as roo

Reporter	Title	Published	Views	Family All 8
CNNVD	Wazuh 安全漏洞	19 Apr 202400:00	–	cnnvd
Cvelist	CVE-2023-50260 Wazuh's vulnerability in host_deny AR script allows arbitrary command execution	19 Apr 202414:28	–	cvelist
NVD	CVE-2023-50260	19 Apr 202415:15	–	nvd
OSV	CVE-2023-50260 Wazuh's vulnerability in host_deny AR script allows arbitrary command execution	19 Apr 202414:28	–	osv
Positive Technologies	PT-2023-9078 · Wazuh · Wazuh	28 Nov 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-50260	23 May 202502:44	–	redhatcve
Vulnrichment	CVE-2023-50260 Wazuh's vulnerability in host_deny AR script allows arbitrary command execution	19 Apr 202414:28	–	vulnrichment
Zero Day Initiative	Wazuh Active Response Module Improper Input Validation Remote Code Execution Vulnerability	25 Apr 202400:00	–	zdi

NVD

Vulners

Node

wazuh wazuhRange4.2.0–4.7.2

[
  {
    "vendor": "wazuh",
    "product": "wazuh",
    "versions": [
      {
        "version": ">= 4.2.0, < 4.7.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw

Parameter	Position	Path	Description	CWE
spawn directive	path	/var/ossec/active-response/bin/host_deny	Arbitrary command execution via host_deny script by writing to /etc/hosts.deny using the spawn directive in active response.	CWE-94
/etc/hosts.deny	path	/var/ossec/active-response/bin/host_deny	Arbitrary command execution via host_deny script by writing to /etc/hosts.deny using the spawn directive in active response.	CWE-94

09 Jan 2025 17:41Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.8

EPSS0.10662

SSVC

CWE-94