PT-2025-34367 · Unknown · Mcsmanager
Bddjr
·
Publicado
2025-08-22
·
Atualizado
2025-08-22
·
CVE-2025-50691
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
MCSManager version 10.5.3
Description:
The MCSManager daemon process runs with root privileges by default. Sensitive data, including tokens and terminal content, is stored in a data directory accessible to all users. This allows unauthorized users to read the daemon’s key and potentially log in, leading to privilege escalation.
Recommendations:
Ensure the MCSManager daemon process does not run with root privileges.
Restrict access to the data directory containing sensitive information to authorized users only.
Correção
LPE
Incorrect Privilege Assignment
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mcsmanager