CVE-2021-29005

EUVD-2021-15651
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
rconfigrconfig
3.9.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rconfig.com
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh
http://rconfig.com
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh