Potential Security Flaw in IPFire 2.25-core155 Due to Improper File Ownership
CVE-2021-33393

8.8HIGH

Key Information:

Vendor

Ipfire

Status
Ipfire
Vendor
CVE Published:
9 June 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 72%

What is CVE-2021-33393?

The backup routine in IPFire 2.25-core155 is vulnerable due to improper file ownership of the backup script located at /var/ipfire/backup/bin/backup.pl. This script could potentially be owned by an unprivileged user, allowing a malicious actor to inject a Trojan horse script. If executed, this could lead to unauthorized access and execution of arbitrary code by a privileged user, posing a significant risk to system integrity and security. Other files within the system may also suffer from similar ownership and permission issues, further compounding the potential vulnerabilities.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2021-33393
Created by Rapid7

IPFire_2.25_RCE_Authenticated
Created by joaoaugustom

References

https://github.com/MucahitSaratar/ipfire-2-25-auth-rce
x_refsource_MISC
https://github.com/ipfire/ipfire-2.x/commit/6769d909306d7...
x_refsource_MISC
https://github.com/ipfire/ipfire-2.x/commits/master?since...
x_refsource_MISC

EPSS Score

72% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.