ID |
CVE-2025-27021
|
Sažetak |
The misconfiguration in the sudoers configuration of the operating system in
Infinera G42 version R6.1.3 allows low privileged OS users to
read/write physical memory via devmem command line tool.
This could
allow sensitive information disclosure, denial of service, and privilege
escalation by tampering with kernel memory.
Details: The output of "sudo -l" reports the presence of "devmem" command
executable as super user without using a password. This command allows
to read and write an arbitrary memory area of the target device,
specifying an absolute address. |
Reference |
|
CVSS |
Base: | 7.0 |
Impact: | 5.9 |
Exploitability: | 1.0 |
|
Pristup |
Vektor | Složenost | Autentikacija |
LOCAL |
HIGH |
LOW |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
HIGH |
HIGH |
HIGH |
|
CVSS vektor |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Zadnje važnije ažuriranje |
02-07-2025 - 15:15 |
Objavljeno |
02-07-2025 - 09:15 |