Local File Inclusion (LFI)

2023-08-0701:34:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

lfi

dmidecode

vulnerability

library

overwrite

local file

execution

sudo

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

10.0%

JSON

dmidecode is vulnerable to local file inclusion (LFI) attacks. The vulnerability exists because the library enables -dump-bin to overwrite a local file, which allows execution of Dmidecode via Sudo.

CPENameOperatorVersion
dmidecode:sideq3.3-1
dmidecode:sideq3.3-1
dmidecodeeq3.0__5.el7
dmidecodeeq3.2__5.el7_9.1
dmidecodeeq2.12__5.el6_5
dmidecodeeq2.12__5.el6_6.1
dmidecodeeq2.12__7.el6
dmidecodeeq3.2__3.el8
dmidecodeeq3.2__6.el8
dmidecodeeq3.2__1.el8

Name	Operator	Version
dmidecode:sid	eq	3.3-1
dmidecode:sid	eq	3.3-1
dmidecode	eq	3.0__5.el7
dmidecode	eq	3.2__5.el7_9.1
dmidecode	eq	2.12__5.el6_5
dmidecode	eq	2.12__5.el6_6.1
dmidecode	eq	2.12__7.el6
dmidecode	eq	3.2__3.el8
dmidecode	eq	3.2__6.el8
dmidecode	eq	3.2__1.el8