Root Escalation Risk in Sudo Due to Unsecured Mount Command
CVE-2024-28139

8.8HIGH

Key Information:

CVE Published:
11 December 2024

Badges

👾 Exploit Exists

What is CVE-2024-28139?

A significant vulnerability exists because of a misconfiguration of sudo that permits the www-data user on affected Linux systems to execute the mount command as root without supplying a password. This configuration flaw allows an unauthorized elevation of privileges, ultimately giving the www-data user full access to the root account. The vendor is aware of the issue but has chosen to accept the associated risk, so no immediate fix is planned. Users of affected systems should take appropriate precautions to mitigate the risk.
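The defensive check that follows from this description is an audit of the sudoers policy for passwordless (NOPASSWD) rules, in particular ones that grant mount or umount. The script below is an added example and not part of the advisory or the vendor's product; the sudoers content it parses is a constructed sample, and the severity labels are the example's own.

```python
import os
import re
from typing import Dict, List

# Constructed /etc/sudoers sample for demonstration (not taken from the affected product).
SAMPLE_SUDOERS = """\
Defaults        env_reset
root            ALL=(ALL:ALL) ALL
%sudo           ALL=(ALL:ALL) ALL
www-data        ALL=(root) NOPASSWD: /bin/mount, /bin/umount
backup          ALL=(ALL) NOPASSWD: /usr/bin/rsync
"""

# sudoers user specification: user host = (runas) [Tag:] command, command ...
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG_RE = re.compile(
    r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV|LOG_INPUT|NOLOG_INPUT|"
    r"LOG_OUTPUT|NOLOG_OUTPUT|MAIL|NOMAIL|FOLLOW|NOFOLLOW|INTERCEPT|NOINTERCEPT):\s*(.*)$")
MOUNT_CMDS = {"mount", "umount"}  # the commands this advisory is about
SKIP_PREFIXES = ("#", "Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")


def audit_sudoers(text: str) -> List[Dict[str, str]]:
    """Return every NOPASSWD command grant; mount/umount grants are flagged 'high'."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        nopasswd = False
        for spec in m.group("cmds").split(","):
            spec = spec.strip()
            # A tag applies to the command it prefixes and to every later command in the list.
            while (t := TAG_RE.match(spec)):
                if t.group(1) == "NOPASSWD":
                    nopasswd = True
                elif t.group(1) == "PASSWD":
                    nopasswd = False
                spec = t.group(2).strip()
            if not nopasswd or not spec:
                continue
            base = os.path.basename(spec.split()[0])
            findings.append({"user": m.group("user"), "runas": m.group("runas") or "root",
                             "command": spec, "severity": "high" if base in MOUNT_CMDS else "review"})
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{f['severity']:6} {f['user']} may run {f['command']} as {f['runas']} without a password")
```

On a real host the same function can be fed the output of `sudo -l` or the contents of `/etc/sudoers` and `/etc/sudoers.d/*`; any "high" finding for a service account such as www-data is the condition this advisory describes.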

Affected Version(s)

Scan2Net, all versions up to and including 7.42B

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Hirschberger (SEC Consult Vulnerability Lab)
Tobias Niemann (SEC Consult Vulnerability Lab)