CVE-2020-27985

Name of the Vulnerable Software and Affected Versions Security Onion v2 versions prior to 2.3.10

Description The issue is related to an incorrect sudo configuration, allowing local users to obtain root access without using the sudo password. This can be achieved by editing and executing /home/<user>/SecurityOnion/setup/so-setup.

Recommendations For Security Onion v2 versions prior to 2.3.10, update to version 2.3.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the /home/<user>/SecurityOnion/setup/so-setup file to prevent unauthorized execution.