Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Privilege Escalation Through Cronjob

Avatar Rushmi Bhuju
February 04, 2025 08:41
Follow

Advisory ID: LVD-2022-0003

CVSSv 3.1 Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C

CVSSv 3.1 Base Score: 7.2

Severity: High

CVE: CVE-2022-48685

CWE: CWE-732

Date Published: 2022-11-30

Last Updated: 2022-12-02

Description

The daily executed Cronjob-File clean_secbi_old_logs in Logpoint 7.1 Installation is writable for all users. The Cron is executed as root; any user can use this to execute any command in the system as root.

Affected Product

Logpoint v7.0.0 to v7.1.1

Solution

Upgrade Logpoint to v7.1.2

Acknowledgments

Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)

Comments

Article is closed for comments.

Related articles

  • Template injection in Search Template
  • Logpoint response to latest vulnerabilities
  • Username Enumeration on Shared Widgets
  • Azure Log Analytics
  • Percentile
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.