7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.0004 Low
EPSS
Percentile
10.0%
dmidecode is vulnerable to local file inclusion (LFI) attacks. The vulnerability exists because the library enables -dump-bin
to overwrite a local file, which allows execution of Dmidecode
via Sudo
.
git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2
git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206
github.com/adamreiser/dmiwrite
lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html
security-tracker.debian.org/tracker/CVE-2023-30630