Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:23617
HistoryApr 10, 2020 - 12:31 a.m.

Arbitrary Command Execution

2020-04-1000:31:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
arbitrary command execution
multipath daemon
incorrect permissions
local user
access disruptions
storage devices
file system corruption

EPSS

0

Percentile

10.4%

device-mapper-multipath is vulnerable to arbitrary command execution. It was discovered that the multipathd daemon set incorrect permissions on the socket used to communicate with command line clients. An unprivileged, local user could use this flaw to send commands to multipathd, resulting in access disruptions to storage devices accessible via multiple paths and, possibly, file system corruption on these devices.

References