7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
The Qualys Research team won two Pwnie Awards today at Black Hat USA 2021 for discovering and responsibly disclosing these new vulnerabilities: Best Privilege Escalation Bug and Most Under-Hyped Research.
The Qualys Research team received these awards:
A heap-based buffer overflow vulnerability was discovered in Sudo and is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password). Read more
Multiple critical vulnerabilities were discovered in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Read more
The Pwnie Awards are an annual recognition celebrating the achievements of security researchers and the security community. Nominations are taken from the security community at large, and a panel of respected security researchers reviewed the Active Nominations and announced winners in each category at Black Hat USA 2021 on August 4, 2021 at 5:30pm PT.
Qualys is honored for the second time in a row after being nominated for five Pwnie Awards in 2020.
The Qualys Research team engages in innovative vulnerability research and has multiple open positions within our vulnerability research team. If you are a security researcher looking for new opportunities, we invite you to apply for our open research and engineering positions worldwide.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C