Design/Logic Flaw

2020-11-2314:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.7%

JSON

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.

CPENameOperatorVersion
security_onionge2.0.0
security_onionlt2.3.10

CPE	Name	Operator	Version
	security_onion	ge	2.0.0
	security_onion	lt	2.3.10

References

github.com/Security-Onion-Solutions/securityonion/commit/b14670030349a2747a00ace665568ab5f51ac47b

github.com/Security-Onion-Solutions/securityonion/releases

s1gh.sh/cve-2020-27985-security-onion-local-privilege-escalation/