PT-2022-3531 · Apache · Apache Web Server

Anthony Candarini +3

Published: 2022-06-23 · Updated: 2022-07-06

CVE-2022-2104

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SEPCOS Single Package (affected versions not specified)
Description: The issue is caused by insecure privilege management in the SEPCOS Single Package software and allows a remote attacker to elevate their privileges. The www-data account, under which the Apache web server runs, is allowed to run many commands via sudo without a password, including /bin/sh and /bin/bash, so any code executing as www-data can obtain a root shell.
Recommendations: For SEPCOS Single Package, restrict the sudo rights of the www-data account to minimize the risk of exploitation. As a temporary workaround, remove the ability of the www-data account to run commands such as /bin/sh and /bin/bash until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
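To make the recommendation concrete, the following is an added audit example written for this page (it is not code from the advisory, from Positive Technologies, or from the SEPCOS vendor). It parses sudoers user-specification lines and flags any grant that gives the www-data account, or the %www-data group, a shell binary or ALL. The two sudoers fragments are constructed samples: the weak one mirrors the configuration described above, the hardened one limits www-data to a single non-shell command. The parser is an assumption-laden simplification: it handles only the plain `user host=(runas) TAG: cmd, cmd` form, not aliases or per-command tags.

```python
import re

# Constructed sample sudoers fragments (not taken from the advisory).
# WEAK mirrors the misconfiguration described above: www-data gets shells with NOPASSWD.
WEAK_SUDOERS = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: /bin/sh, /bin/bash, /usr/bin/systemctl restart apache2
"""

# HARDENED follows the recommendation: www-data may only restart the web server.
HARDENED_SUDOERS = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
# www-data: one narrowly scoped command, nothing that yields a shell
www-data ALL=(root) NOPASSWD: /usr/bin/systemctl restart apache2
"""

# Commands that hand the caller an unrestricted shell (or any command at all).
SHELL_LIKE = {"ALL", "/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh",
              "/usr/bin/sh", "/usr/bin/bash", "/usr/bin/dash", "/usr/bin/zsh"}

# user  host=(runas)  [TAG: ...] command list
USER_SPEC_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<spec>.+)$"
)
TAG_RE = re.compile(r"^([A-Z]+):\s*")
SKIP_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def parse_sudoers(text):
    """Parse user-specification lines into dicts (user, host, runas, tags, commands).

    Assumption: only the plain form shown above is modelled; aliases and
    per-command tags such as 'NOPASSWD: /a, PASSWD: /b' are not handled.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = USER_SPEC_RE.match(line)
        if not m:
            continue
        spec, tags = m.group("spec"), []
        while (t := TAG_RE.match(spec)):          # peel NOPASSWD:, SETENV:, ...
            tags.append(t.group(1))
            spec = spec[t.end():]
        # keep only the executable path of each comma-separated command, not its args
        commands = [part.split()[0] for part in spec.split(",") if part.strip()]
        entries.append({"user": m.group("user"), "host": m.group("host"),
                        "runas": m.group("runas") or "root",   # sudoers default runas
                        "tags": tags, "commands": commands})
    return entries


def find_shell_escalations(text, account="www-data"):
    """Return sudo grants that let `account` (or the %account group) reach a shell."""
    findings = []
    for e in parse_sudoers(text):
        if e["user"] not in (account, "%" + account):
            continue
        for cmd in e["commands"]:
            if cmd in SHELL_LIKE:
                findings.append({"command": cmd, "runas": e["runas"],
                                 "nopasswd": "NOPASSWD" in e["tags"]})
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_SUDOERS), ("hardened", HARDENED_SUDOERS)):
        hits = find_shell_escalations(text)
        print(f"{name}: {len(hits)} shell grant(s) for www-data")
        for h in hits:
            print(f"  {h['command']} as ({h['runas']}) nopasswd={h['nopasswd']}")
```

Run against the weak fragment the audit reports /bin/sh and /bin/bash granted as any user without a password; against the hardened fragment it reports nothing, because the only remaining grant is a single systemctl invocation. On a live host the same check can be fed the output of the sudoers files directly, but the list of shell-like binaries should be extended to whatever interpreters and editors exist on that system.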

Weakness Enumeration: Improper Privilege Management

Related Identifiers

BDU:2022-04314
CVE-2022-2104

Affected Products

Apache Web Server