PT-2020-15842 · Fruitywifi · Fruitywifi

Loopspell · Published 2020-10-23 · Updated 2022-04-28 · CVE-2020-24848

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FruityWifi versions through 2.4

Description

The issue is related to an unsafe Sudo configuration, specifically (ALL : ALL) NOPASSWD: ALL, which allows an attacker to perform a system-level (root) local privilege escalation. This enables the attacker to gain complete persistent access to the local system.

Recommendations

For FruityWifi versions through 2.4, update the Sudo configuration to remove the (ALL : ALL) NOPASSWD: ALL setting to prevent local privilege escalation. As a temporary workaround, consider restricting the use of Sudo to minimize the risk of exploitation.
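
A check for the rule pattern named in the recommendation, as an added example that is not part of the original advisory or FruityWifi's code: it scans sudoers files for rules granting NOPASSWD: ALL with runas ALL (or the default runas, which goes slightly beyond the exact string in the advisory). The account names and sample content are constructed; /etc/sudoers and /etc/sudoers.d are sudo's standard locations, not paths taken from the advisory.

```shell
#!/bin/sh
# Added example: audit sudoers files for blanket passwordless root rules,
# e.g. "<who> ALL=(ALL : ALL) NOPASSWD: ALL". Not FruityWifi's own code.

# find_blanket_nopasswd FILE...
# Prints "file:line:rule" for every offending rule.
# Exit status 0 if at least one was found, 1 if none.
find_blanket_nopasswd() {
    awk '
        # Comments (including commented-out rules) and blank lines are skipped.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            rule = $0
            gsub(/[ \t]+/, "", rule)   # spacing around = ( : ) is not significant
            # Runas ALL, ALL:ALL or omitted (root by default); command list is ALL.
            if (rule ~ /=(\(ALL(:ALL)?\))?NOPASSWD:ALL$/) {
                printf "%s:%d:%s\n", FILENAME, FNR, $0
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Constructed sample input (hypothetical accounts, not taken from FruityWifi).
sample_sudoers() {
    cat <<'EOF'
# constructed sample
root    ALL=(ALL:ALL) ALL
svc-web ALL=(ALL : ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
#ops    ALL=(ALL) NOPASSWD: ALL
%admin  ALL = (ALL) NOPASSWD:ALL
EOF
}

# Typical use on a host (needs read access to the files):
#   find_blanket_nopasswd /etc/sudoers /etc/sudoers.d/*
```

Rules split across lines with a trailing backslash are not joined by this check; after editing any flagged file, validate it with `visudo -c`.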


Weakness Enumeration

Improper Authentication

Improper Privilege Management

Related Identifiers

CVE-2020-24848

Affected Products

Fruitywifi