PT-2020-2417 · Linux · Targetcli-Fb

Alexmurray · Published 2020-04-15 · Updated 2024-06-15 · CVE-2020-10699

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux targetcli-fb versions 2.1.50 through 2.1.51

Description

A flaw in the targetcli-fb component of Linux allows a local attacker to escalate their privileges to root due to inadequate access control. The issue is related to the world-writable socket used by targetclid, which can be exploited to modify the iSCSI configuration if the targetclid socket is enabled.

Recommendations

For Linux targetcli-fb versions 2.1.50 and 2.1.51, consider restricting access to the targetclid socket to prevent exploitation until a patch is available. As a temporary workaround, consider disabling the targetclid socket until a fix is provided to prevent privilege escalation.

Fix

Weakness Enumeration

Improper Access Control
Improper Privilege Management
Incorrect Permission

Related Identifiers

BDU:2020-02418
CESA-2020_1933
CVE-2020-10699
OPENSUSE-SU-2024:11423-1
RHSA-2020:1933
RHSA-2020_1933
USN-4871-1

Affected Products

CentOS
Linux Mint
Red Hat
Ubuntu
targetcli-fb