Root Escalation Risk in Sudo Due to Unsecured Mount Command
CVE-2024-28139

8.8HIGH

Key Information:

Vendor: Image Access Gmbh
Status: Scan2net
Vendor: CVE Published:; 11 December 2024

🔔 Create Image Access Gmbh Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2024-28139?

A significant vulnerability exists due to the misconfiguration of the sudo command, which permits the www-data user on Linux systems to execute the mount command as root without requiring a password. This configuration flaw allows for the unauthorized elevation of privileges, ultimately granting the www-data user full access to the root account. The vendor is aware of the issue but has chosen to accept the associated risks, indicating that no immediate fix will be implemented. Users of affected systems should take necessary precautions to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Scan2Net 0 <= 7.42B

References

https://r.sec-consult.com/imageaccess

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Nov 3, 2025
Vulnerability published
Dec 11, 2024
Vulnerability Reserved
Mar 5, 2024

Credit

Daniel Hirschberger (SEC Consult Vulnerability Lab)

Tobias Niemann (SEC Consult Vulnerability Lab)

JSON

Image Access Gmbh

Badges

What is CVE-2024-28139?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.