Lucene search

[email protected]NVD:CVE-2009-4648

HistoryFeb 19, 2010 - 5:30 p.m.

CVE-2009-4648

2010-02-1917:30:00

CWE-264

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.

Affected configurations

NVD

Node

accellionsecure_file_transfer_applianceMatch7_0_135

accellionsecure_file_transfer_applianceMatch7_0_178

accellionsecure_file_transfer_applianceMatch7_0_189

accellionsecure_file_transfer_applianceMatch7_0_259

accellionsecure_file_transfer_applianceMatch7_0_296

References

www.portcullis-security.com/338.php

www.securityfocus.com/bid/38176

exchange.xforce.ibmcloud.com/vulnerabilities/56248

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for NVD:CVE-2009-4648

prion1 cve1 cvelist1