Lucene search

K

ROSA LABROSA-SA-2023-2282

HistoryOct 24, 2023 - 2:17 p.m.

Advisory ROSA-SA-2023-2282

2023-10-2414:17:14

ROSA LAB

abf.rosalinux.ru

8

dmidecode security advisory

file overwrite risk

sudo execution

vulnerability fix

update required

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.0%

Software: dmidecode 3.5
WASP: ROSA-CHROME

package_evr_string: dmidecode-3.5-2.src.rpm

CVE-ID: CVE-2023-30630
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Dmidecode before version 3.5 allows -dump-bin to overwrite the local file. This has security implications because, for example, it is quite possible to execute Dmidecode via Sudo.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update dmidecode

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchdmidecode< 3.5UNKNOWN

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.0%

Related for ROSA-SA-2023-2282

ubuntucve1 nessus30 cbl_mariner1 amazon1 almalinux2 openvas18 redhat33 ibm6 debiancve1 alpinelinux1 mageia1 redhatcve1 veracode1 oraclelinux2 nvd1 osv4 rocky1 prion1 cve1 cvelist1 photon3