CVE-2021-29005

Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
rconfigrconfig
3.9.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rconfig.com
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh
http://rconfig.com
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh