Lucene search

[email protected]NVD:CVE-2021-44954

HistoryJul 18, 2022 - 12:15 a.m.

CVE-2021-44954

2022-07-1800:15:08

[email protected]

web.nvd.nist.gov

cve-2021-44954

qvis nvr dvr

privileges escalation

sudo misconfiguration

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.8%

JSON

In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration.

Affected configurations

Nvd

Node

qvisdvr_firmwareRange<2021-12-13

AND

qvisdvrMatch-

Node

qvisnvr_firmwareRange<2021-12-13

AND

qvisnvrMatch-

VendorProductVersionCPE
qvisdvr_firmware*cpe:2.3:o:qvis:dvr_firmware:*:*:*:*:*:*:*:*
qvisdvr-cpe:2.3:h:qvis:dvr:-:*:*:*:*:*:*:*
qvisnvr_firmware*cpe:2.3:o:qvis:nvr_firmware:*:*:*:*:*:*:*:*
qvisnvr-cpe:2.3:h:qvis:nvr:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qvis	dvr_firmware	*	cpe:2.3:o:qvis:dvr_firmware::::::::
qvis	dvr	-	cpe:2.3:h:qvis:dvr:-:::::::*
qvis	nvr_firmware	*	cpe:2.3:o:qvis:nvr_firmware::::::::
qvis	nvr	-	cpe:2.3:h:qvis:nvr:-:::::::*

References

gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/a670418d51051d4e6513d86e84e8d5b8

twitter.com/Me9187/status/1414906288287404039

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.8%

JSON

Related for NVD:CVE-2021-44954

cvelist1 cve1 prion1