PT-2021-11324 · Unknown · Openclinic Ga
Yuri Kramarz
·
Published
2021-04-13
·
Updated
2022-07-29
·
CVE-2020-27228
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
OpenClinic GA version 5.173.3
Description:
An incorrect default permissions issue exists in the installation functionality, allowing an attacker to overwrite a binary, which can result in privilege escalation. This can be exploited by replacing a file.
Recommendations:
For OpenClinic GA version 5.173.3, consider restricting write access to sensitive binaries and files to prevent unauthorized overwriting until a fix is available. As a temporary workaround, monitor file system changes closely to detect potential exploitation attempts.
Exploit
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclinic Ga