PT-2020-12054 · Mb Connect Line · Mbconnect24

Published

2020-04-14

Updated

2021-02-19

CVE-2020-10384

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions mbCONNECT24 versions prior to 2.6.1 mymbCONNECT24 versions prior to 2.6.1

Description An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software, allowing a local privilege escalation from the www-data account to the root account.

Recommendations For mbCONNECT24 versions prior to 2.6.1, update to a version later than 2.6.1 to resolve the issue. For mymbCONNECT24 versions prior to 2.6.1, update to a version later than 2.6.1 to resolve the issue.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2020-10384

Affected Products

Mbconnect24

PT-2020-12054 · Mb Connect Line · Mbconnect24

CVE-2020-10384

Weakness Enumeration

Related Identifiers

Affected Products

References · 8