CVE-2009-4607

The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
overlandstoragesnap_server_410
*
overlandstorageguardianos
5.1.041
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.juniper.net/security/auto/vulnerabilities/vuln36739.html
http://www.securityfocus.com/archive/1/507318/100/0/threaded
http://www.securityfocus.com/bid/36739
https://exchange.xforce.ibmcloud.com/vulnerabilities/53881
http://www.juniper.net/security/auto/vulnerabilities/vuln36739.html
http://www.securityfocus.com/archive/1/507318/100/0/threaded
http://www.securityfocus.com/bid/36739
https://exchange.xforce.ibmcloud.com/vulnerabilities/53881