Directory Traversal Vulnerability in networkd-dispatcher by Linux Vendor
CVE-2022-29799

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Networkd-dispatcher
Vendor: CVE Published:; 21 September 2022

Summary

A vulnerability in networkd-dispatcher can be exploited due to insufficient sanitization of functions related to OperationalState and AdministrativeState. This flaw allows attackers to perform directory traversal attacks, potentially escaping the authorized '/etc/networkd-dispatcher' base directory, and compromising system integrity.

Affected Version(s)

networkd-dispatcher uknown

References

https://www.microsoft.com/security/blog/2022/04/26/micros...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2022
Vulnerability Reserved
Apr 25, 2022