CVE-2020-7954

An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
opservicesopmon
9.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://medium.com/%40ph0rensic
https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5
https://medium.com/%40ph0rensic
https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5