We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-45173



Description

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.

Reserved 2024-08-22 | Published 2024-09-05 | Updated 2024-09-06 | Assigner mitre

References

www.syss.de/...te/Publikationen/Advisories/SYSS-2024-027.txt

www.syss.de/...rwachungssoftware-c-mor-syss-2024-020-bis-030

cve.org (CVE-2024-45173)

nvd.nist.gov (CVE-2024-45173)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-45173

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.