A vulnerability has been discovered in the Linux sudo utility that can allow unprivileged users to gain superuser privileges.
Lighthouse – affected but not vulnerable
Lighthouse is affected by this CVE. When running Lighthouse versions up to 20.Q3, there is no practical vulnerability. Only Lighthouse Administrator users, who already have superuser privileges, are granted shell access; unprivileged users have no shell access and cannot run sudo, and therefore cannot exploit the vulnerability.
When running Lighthouse 20.Q4.1, users can be granted shell access without sudo permissions, so it is technically viable to craft a payload to exploit this vulnerability. We have been unable to exploit this in our testing. Lighthouse 21.Q2 will address the exploit and remove the vulnerability.
NetOps Console Servers (OM series) – affected but not vulnerable
NetOps Console Servers are affected by this CVE; however, it presents no practical vulnerability. Only admin group users, who already have superuser privileges, are granted shell access; unprivileged users have no shell access and cannot run sudo, and therefore cannot exploit the vulnerability.
Classic Console Servers (IM, CM, ACM series) – not affected
Classic Console Servers are not affected by this CVE.