CVE-2020-27985

2020-11-2314:15:12

Google

osv.dev

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.7%

JSON

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.

CPENameOperatorVersion
securityonioneq2.2.0-rc3
securityonioneq2.0.1-rc1.1
securityonioneq1.4.0
securityonioneq2.3.0
securityonioneq2.0.1-rc1
securityonioneq2.3.2
securityonioneq2.0.0-rc1
securityonioneq2.1.0-rc2
securityonioneq1.3.0
securityonioneq2.3.1

Name	Operator	Version
securityonion	eq	2.2.0-rc3
securityonion	eq	2.0.1-rc1.1
securityonion	eq	1.4.0
securityonion	eq	2.3.0
securityonion	eq	2.0.1-rc1
securityonion	eq	2.3.2
securityonion	eq	2.0.0-rc1
securityonion	eq	2.1.0-rc2
securityonion	eq	1.3.0
securityonion	eq	2.3.1