CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
rconfigrconfig
3.9.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html
https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_lpe.sh
https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_lpe.sh?token=
http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html
https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_lpe.sh
https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_lpe.sh?token=