Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Privilege Escalation Through Cronjob

Avatar Rushmi Bhuju
June 06, 2024 10:53
Follow

Advisory ID: LVD-2022-0003

CVSSv 3.1 Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C

CVSSv 3.1 Base Score: 7.2

Severity: High

CVE: CVE-2022-48685

CWE: CWE-732

Date Published: 2022-11-30

Last Updated: 2022-12-02

Description

The daily executed Cronjob-File clean_secbi_old_logs in Logpoint 7.1 Installation is writable for all users. The Cron is executed as root; any user can use this to execute any command in the system as root.

Affected Product

Logpoint v7.0.0 to v7.1.1

Solution

Upgrade Logpoint to v7.1.2

Acknowledgments

Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)

Comments

Article is closed for comments.

Related articles

  • Logpoint response to latest vulnerabilities
  • Template injection in Search Template
  • Username Enumeration on Shared Widgets
  • Percentile
  • Azure Log Analytics
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.