Networkmanager-libreswan: local privilege escalation via leftupdown
CVE-2024-9050

7.8HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Enterprise Linux 7.7 Advanced Update Support
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Vendor
CVE Published:
22 October 2024

Summary

A security flaw exists in the libreswan client plugin for NetworkManager, specifically within its handling of VPN configurations. This vulnerability arises from improper sanitation of the configuration input provided by local unprivileged users. This key-value format configuration management fails to adequately escape special characters, causing the application to misinterpret values as keys. This misconfiguration could allow malicious actors to manipulate key parameters such as 'leftupdown', which is capable of running executable commands. Because NetworkManager employs Polkit to permit unprivileged users to alter system network settings, an attacker could escalate privileges locally, potentially leading to root-level code execution on the affected system by crafting a malicious configuration.

Affected Version(s)

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.2.4-4.el7_9

Red Hat Enterprise Linux 7.7 Advanced Update Support 0:1.2.4-4.el7_7

Red Hat Enterprise Linux 8 0:1.2.10-7.el8_10

References

https://access.redhat.com/errata/RHSA-2024:8312
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8338
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8352
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.