HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2024-45173

CVSS 8.8v3.1pub. 2024-09-05upd. 2025-09-04

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • C Mor Video Surveillance

    APP
    C-Mor
    5.24016.00
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-45179HIGH7.2ten sam produkt

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input...

CVE-2024-45171HIGH8.8ten sam produkt

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation,...

CVE-2024-45175HIGH8.8ten sam produkt

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cle...

CVE-2024-45178HIGH7.1ten sam produkt

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation,...

CVE-2024-45170HIGH8.1ten sam produkt

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access cont...

CVE-2024-45173 β€” C-Mor β€” C-Mor Video Surveillance β€” HIGH β€” CVSS 8.8 | CVEbaza.pl