Root Escalation Risk in Sudo Due to Unsecured Mount Command
CVE-2024-28139

Currently unrated

Key Information:

CVE Published: 11 December 2024

What is CVE-2024-28139?

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.
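A check for the misconfiguration described above, as an added example that is not part of the original advisory or the vendor's code: it scans sudoers text for rules that let a non-root account run mount (or ALL) as another user without a password. The sudoers lines, the account names other than www-data, and the function name find_nopasswd_mount are constructed for illustration, and the parser is a simplification that handles plain user rules only.

```python
import os
import re

# Constructed sudoers sample; the page does not show Scan2Net's actual file.
SAMPLE_SUDOERS = """\
Defaults env_reset
Cmnd_Alias BACKUP = /usr/bin/rsync
root     ALL=(ALL:ALL) ALL
www-data ALL=(root) NOPASSWD: /bin/mount
backup   ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/umount /mnt/backup
deploy   ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, PASSWD: /bin/mount
"""

RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(.+)$")   # who host = spec
RUNAS = re.compile(r"^\(([^)]*)\)\s*")
TAG = re.compile(r"^([A-Z_]+):\s*")


def find_nopasswd_mount(sudoers_text, risky=("mount",)):
    """Return (user, runas, command) for passwordless rules that permit mount."""
    findings = []
    for raw in sudoers_text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = RULE.match(line)
        if not m or m.group(1).endswith("_Alias"):
            continue
        user, spec = m.groups()
        runas, nopasswd = "root", False          # sudo runs as root by default
        for item in spec.split(","):
            item = item.strip()
            r = RUNAS.match(item)
            if r:
                runas, item = r.group(1), item[r.end():]
            while (t := TAG.match(item)):        # tags persist for later commands
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                item = item[t.end():]
            if not item or not nopasswd or user == "root":
                continue
            binary = item.split()[0]
            if binary == "ALL" or os.path.basename(binary) in risky:
                findings.append((user, runas, item))
    return findings


if __name__ == "__main__":
    for user, runas, cmd in find_nopasswd_mount(SAMPLE_SUDOERS):
        print(f"{user} may run '{cmd}' as {runas} without a password")
```

The parser does not expand aliases or follow include directives, so on a live host the output of `sudo -l -U www-data` remains the authoritative view of what the account may run.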

Affected Version(s)

Scan2Net 0 <= 7.42B

Credit

Daniel Hirschberger (SEC Consult Vulnerability Lab)
Tobias Niemann (SEC Consult Vulnerability Lab)