Linux Distros Unpatched Vulnerability : CVE-2020-8903

🗓️ 10 Sep 2025 00:00:00Reported by TenableType

CVE-2020-8903: GCP guest-oslogin allows adm group escalation to root via DHCP XID; patch after 2020-05-07.

Reporter	Title	Published	Views	Family All 27
CNVD	Google Cloud Platform guest-oslogin elevation of privilege vulnerability (CNVD-2020-60515)	23 Jun 202000:00	–	cnvd
CVE	CVE-2020-8903	22 Jun 202013:45	–	cve
Cvelist	CVE-2020-8903 Priviged Escalation in Google Cloud Platform's Guest-OSLogin	22 Jun 202013:45	–	cvelist
Debian CVE	CVE-2020-8903	22 Jun 202013:45	–	debiancve
EUVD	EUVD-2020-29742	7 Oct 202500:30	–	euvd
NVD	CVE-2020-8903	22 Jun 202014:15	–	nvd
Tenable Nessus	openSUSE Security Update : google-compute-engine (openSUSE-2020-1014)	20 Jul 202000:00	–	nessus
Tenable Nessus	openSUSE Security Update : google-compute-engine (openSUSE-2020-996)	20 Jul 202000:00	–	nessus
OPENSUSE Linux	Security update for google-compute-engine (important)	18 Jul 202000:00	–	opensuse
OPENSUSE Linux	Security update for google-compute-engine (important)	19 Jul 202000:00	–	opensuse

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2020-8903
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(262990);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/10");

  script_cve_id("CVE-2020-8903");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-8903");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a
    user that is only granted the role roles/compute.osLogin to escalate privileges to root. Using their
    membership to the adm group, users with this role are able to read the DHCP XID from the systemd
    journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any
    value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an
    arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS
    Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are
    fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the adm user
    from the OS Login entry. (CVE-2020-8903)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-8903");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8903");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gce-compute-image-packages");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "gce-compute-image-packages"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

10 Sep 2025 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 26.9

CVSS 3.17.8

CVSS 47.3

EPSS0.00092