
Bryan Rhodes

#17484 of 53,633
15.3 Total CVSS
Vulnerabilities · 2 (High: 2)
PT-2019-9974 · CVSS 7.8 · 2019-04-25
Cerner · Cerner Connectivity Engine · CVE-2018-20052

**Name of the Vulnerable Software and Affected Versions**
Cerner Connectivity Engine (CCE) version 4

**Description**
An issue was discovered where the user running the main CCE firmware has NOPASSWD sudo privileges to several utilities, which could be used to escalate privileges to root. For example, the command "sudo ln -s /tmp/script /etc/cron.hourly/script" could be utilized.

**Recommendations**
For Cerner Connectivity Engine (CCE) version 4, restrict the sudo privileges of the user running the main CCE firmware to prevent escalation to root. As a temporary workaround, consider disabling the use of sudo for the affected utilities until a more permanent solution is implemented.
PT-2015-7490 · CVSS 7.5 · 2015-11-04
Mobatek · MobaXterm · CVE-2015-7244

**Name of the Vulnerable Software and Affected Versions**
MobaXterm versions prior to 8.3

**Description**
The default configuration of the server in MobaXterm has a disabled Access Control setting, which does not require authentication for X11 connections. This allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.

**Recommendations**
For versions prior to 8.3, enable the Access Control setting to require authentication for X11 connections.