PT-2020-6506 · Unknown+1 · Eyesofnetwork+1
H4Kneto
·
Published
2020-02-05
·
Updated
2025-11-10
·
CVE-2020-8655
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EyesOfNetwork version 5.3
Description
The issue is related to insufficient access control in the /etc/sudoers component of the EyesOfNetwork (EON) system and network monitoring tool. This can be exploited to escalate privileges, allowing an attacker to execute arbitrary commands as root using crafted NSE scripts for nmap.
Recommendations
For EyesOfNetwork version 5.3, consider restricting access to the sudoers configuration and limiting the ability to run arbitrary commands as root until a patch is available. As a temporary workaround, restrict the use of NSE scripts to minimize the risk of exploitation.
Exploit
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eyesofnetwork
Nmap