PT-2020-19873 · Opservices · Opmon

Published: 2020-02-06 · Updated: 2021-07-21 · CVE-2020-7954

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpServices OpMon version 9.3.2

Description: An issue was discovered that allows privilege escalation from the apache user account due to incorrect configuration in the server's sudoers file. By default, this configuration allows the execution of programs, such as nmap, without requiring a password with sudo.

Recommendations: For OpServices OpMon version 9.3.2, correct the configuration in the server's sudoers file to require a password for sudo execution or restrict the programs that can be executed without a password. As a temporary workaround, consider restricting access to the sudo command for the apache user account until the issue is resolved.
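To act on the recommendation, an administrator first needs to know which commands the apache account can run through sudo without a password. The audit below is an added example, not part of the advisory or of OpMon; the sudoers text is constructed, `/opt/example/bin/check_host` is a hypothetical path, and the parser assumes single-host rules and does not follow `#include` files.

```python
import re

# Constructed sample sudoers text (assumption); not OpMon's shipped file.
SAMPLE_SUDOERS = r"""
User_Alias  WEB = apache, nginx
Cmnd_Alias  SCAN = /usr/bin/nmap, \
                   /opt/example/bin/check_host
Defaults    env_reset
root    ALL=(ALL) ALL
WEB     ALL=(root) NOPASSWD: SCAN, PASSWD: /usr/bin/systemctl restart httpd
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
"""
TAG = re.compile(r"(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV)\s*:\s*")

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def nopasswd_commands(text, account):
    """Return the commands `account` may run via sudo without a password."""
    users, cmnds, specs = {}, {}, []
    for line in logical_lines(text):
        m = re.match(r"(User|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            kind, name, body = m.groups()
            items = [i.strip() for i in body.split(",")]
            (users if kind == "User" else cmnds)[name] = items
        elif not re.match(r"(Defaults|Host_Alias|Runas_Alias)\b", line):
            specs.append(line)
    found = []
    for spec in specs:
        who, _, rest = spec.partition("=")
        user_list = (who.rsplit(None, 1) or [""])[0]   # drop the host field
        members = [u for n in user_list.split(",")
                   for u in users.get(n.strip(), [n.strip()])]
        if account not in members and "ALL" not in members:
            continue
        nopass = False                                  # sudo's default is PASSWD
        rest = re.sub(r"^\s*\([^)]*\)\s*", "", rest)    # strip the (runas) part
        for item in map(str.strip, rest.split(",")):
            while (t := TAG.match(item)):               # a tag persists until overridden
                nopass = {"NOPASSWD": True, "PASSWD": False}.get(t.group(1), nopass)
                item = item[t.end():]
            if nopass:
                found.extend(cmnds.get(item, [item]))   # expand Cmnd_Alias names
    return found
```

Any non-empty result for a web-facing service account is a finding to review; on a live host, `sudo -l -U apache` run as root shows the effective policy including included files.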

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-7954

Affected Products

Apache
Opmon
Nmap
Sudo