6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
12.2%
Todd Miller reports:
The flaw may allow someone with physical access to a machine that
is not password-protected to run sudo commands without knowing the
logged in user’s password. On systems where sudo is the principal
way of running commands as root, such as on Ubuntu and Mac OS X,
there is a greater chance that the logged in user has run sudo
before and thus that an attack would succeed.