Command injection

2021-10-1113:15:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.2%

JSON

Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.

CPENameOperatorVersion
rconfigeq3.9.6

CPE	Name	Operator	Version
	rconfig	eq	3.9.6

References

rconfig.com

github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh