Advisory ID: LVD-2022-0003
CVSSv 3.1 Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CVSSv 3.1 Base Score: 7.2
Severity: High
CVE: CVE-2022-48685
CWE: CWE-732
Date Published: 2022-11-30
Last Updated: 2022-12-02
Description
The daily executed Cronjob-File clean_secbi_old_logs in Logpoint 7.1 Installation is writable for all users. The Cron is executed as root; any user can use this to execute any command in the system as root.
Affected Product
Logpoint v7.0.0 to v7.1.1
Solution
Upgrade Logpoint to v7.1.2
Acknowledgments
Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)
Comments
Article is closed for comments.