CVE-2020-13882

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

18/06/2020

Last modified:

07/11/2023

Description

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS v3.1 Severity and Metrics:

Base Score: 4.20 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

Base Score 3.x

4.20

Severity 3.x

MEDIUM

Vector 2.0

AV:L/AC:H/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 3.70 LOW
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Attack Vector (AV): Local
Attack Complexity (AC): High
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

3.70

Severity 2.0

LOW

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:cisofy:lynis::::::::		3.0.0 (excluding)
cpe:2.3:o:fedoraproject:fedora:31:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*

To consult the complete list of CPE names with products and versions, see this page

CVE-2020-13882

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools