Local Privilege Escalation Vulnerability in ProlinOS by Prolin Technologies
CVE-2020-28046

7.8HIGH

Key Information:

Vendor: Pax
Status: Prolinos
Vendor: CVE Published:; 2 November 2020

What is CVE-2020-28046?

An issue exists in ProlinOS versions up to 2.4.161.8859R, where an attacker with local code execution privileges can exploit the setuid installation of the xtables-multi binary. By leveraging the 'ip6tables --modprobe' switch, the attacker can escalate their privileges to root, potentially compromising the system's integrity and security.

References

https://git.lsd.cat/g/pax-pwn

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2020
Vulnerability Reserved
Nov 1, 2020

Pax

What is CVE-2020-28046?

References

CVSS V3.1

Timeline