Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.
CPE | Name | Operator | Version |
---|---|---|---|
security_onion | ge | 2.0.0 | |
security_onion | lt | 2.3.10 |