Local Privilege Escalation in Nakivo Backup & Replication Director on Linux
CVE-2020-15850
7.8 HIGH
What is CVE-2020-15850?
In Nakivo Backup & Replication Director version 9.4.0.r43656 for Linux, insecure permissions permit local users to access the Nakivo Director web interface. This vulnerability exists because the database that holds user credentials and the password-recovery secret value can be read by unauthorized users, potentially granting them root access to the system.
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved