PT-2023-25640 · Loxone · Loxone Miniserver Go Gen.2

Tobias Jäger · Published 2023-07-05 · Updated 2023-07-12 · CVE-2023-36624

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Loxone Miniserver Go Gen.2 through 14.0.3.28

Description

The issue allows an authenticated operating system user to escalate privileges via the Sudo configuration, enabling the elevated execution of binaries without a password requirement.

Recommendations

For versions through 14.0.3.28, consider restricting the Sudo configuration to prevent privilege escalation until a patch is available. As a temporary workaround, review and limit the execution of binaries that can be run without a password requirement to minimize the risk of exploitation.

Exploit

Fix

Missing Authorization


Weakness Enumeration

Related identifiers

CVE-2023-36624

Affected products

Loxone Miniserver Go Gen.2