CVE-2020-7954

EUVD-2020-28876
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
opservicesopmon
9.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://medium.com/%40ph0rensic
https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5
https://medium.com/%40ph0rensic
https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5