CVE-2025-27021
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/07/2025
Last modified:
03/07/2025
Description
A misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low-privileged OS users to read/write physical memory via the devmem command-line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory.

Details: The output of "sudo -l" reports that the "devmem" command is executable as superuser without a password. This command allows reading and writing an arbitrary memory area of the target device by specifying an absolute address.
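An audit check for the condition described above, as an added example that is not part of the advisory or of vendor code: it parses "sudo -l" output and reports every rule that grants a raw physical-memory tool, noting whether a password is required. The sample output, the user "operator", the host "g42", the file paths and the inclusion of "devmem2" are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Tools that read/write physical memory by absolute address. "devmem" is the
# one named in the advisory; "devmem2" is an assumed addition (a common
# standalone equivalent).
RAW_MEMORY_TOOLS = {"devmem", "devmem2"}

ENTRY_RE = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s*(?P<spec>.+)$")
TAG_RE = re.compile(r"^([A-Z_]+):\s*")

# Constructed sample of "sudo -l" output (not captured from a real device).
SAMPLE = """\
Matching Defaults entries for operator on g42:
    env_reset

User operator may run the following commands on g42:
    (root) NOPASSWD: /usr/bin/systemctl status *, /sbin/devmem
    (root) PASSWD: /usr/bin/devmem2, NOPASSWD: /bin/ping
"""

def find_raw_memory_rules(sudo_l_output):
    """Return (runas, command, nopasswd) for each rule granting a raw-memory tool."""
    findings = []
    for line in sudo_l_output.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers and Defaults lines carry no "(runas)" prefix
        nopasswd = False  # a tag applies to later commands until overridden
        for item in re.split(r"(?<!\\),", m.group("spec")):
            item = item.strip()
            while (t := TAG_RE.match(item)):
                if t.group(1) == "NOPASSWD":
                    nopasswd = True
                elif t.group(1) == "PASSWD":
                    nopasswd = False
                item = item[t.end():]
            if not item or item.startswith("!"):
                continue  # negated entries deny a command, they do not grant it
            binary = item.split()[0]
            if PurePosixPath(binary).name in RAW_MEMORY_TOOLS:
                findings.append((m.group("runas"), item, nopasswd))
    return findings

if __name__ == "__main__":
    for runas, cmd, nopasswd in find_raw_memory_rules(SAMPLE):
        level = "no password required" if nopasswd else "password required"
        print(f"raw memory tool via sudo as {runas}: {cmd} ({level})")
```

A rule granting "ALL" also covers these tools and is not reported by this check, which matches only on the command's file name.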
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH