Lucene search

K

Redhat.comRH:CVE-2023-30630

HistoryApr 14, 2023 - 5:30 a.m.

CVE-2023-30630

2023-04-1405:30:39

redhat.com

access.redhat.com

37

cve-2023-30630

dmidecode

local file overwrite

sudo

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

10.0%

A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.

Mitigation

Do not configure sudoers file to allow running dmidecode with elevated privileges.

References

bugzilla.redhat.com/show_bug.cgi?id=2186669

github.com/adamreiser/dmiwrite

github.com/advisories/GHSA-9r2p-xmm5-5ppg

nvd.nist.gov/vuln/detail/CVE-2023-30630

www.cve.org/CVERecord?id=CVE-2023-30630

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

10.0%

Related for RH:CVE-2023-30630

almalinux2 ubuntucve1 nessus30 rosalinux1 cbl_mariner1 amazon1 openvas18 redhat33 ibm6 debiancve1 alpinelinux1 mageia1 veracode1 oraclelinux2 nvd1 osv4 rocky1 prion1 cve1 cvelist1 photon3