Sign-up

ID

VAR-202002-1136


CVE

CVE-2020-7954


TITLE

OpServices OpMon Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-001897

DESCRIPTION

An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo. OpServices OpMon Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-7954 // JVNDB: JVNDB-2020-001897 // VULMON: CVE-2020-7954

AFFECTED PRODUCTS

vendor:opservicesmodel:opmonscope:eqversion:9.3.2

Trust: 1.8

sources: JVNDB: JVNDB-2020-001897 // NVD: CVE-2020-7954

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-7954
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-001897
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-178
value: HIGH

Trust: 0.6

VULMON: CVE-2020-7954
value: HIGH

Trust: 0.1

NVD: CVE-2020-7954
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-001897
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-7954
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-001897
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-7954 // JVNDB: JVNDB-2020-001897 // CNNVD: CNNVD-202002-178 // NVD: CVE-2020-7954

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2020-001897 // NVD: CVE-2020-7954

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-178

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202002-178

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-7954

PATCH
title:Top Pageurl:https://www.opservices.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-001897

EXTERNAL IDS
db:NVDid:CVE-2020-7954
Trust: 2.5
db:JVNDBid:JVNDB-2020-001897
Trust: 0.8
db:CNNVDid:CNNVD-202002-178
Trust: 0.6
db:VULMONid:CVE-2020-7954
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-7954 // 
            
            
            
            JVNDB: JVNDB-2020-001897 // 
            
            
            
            CNNVD: CNNVD-202002-178 // 
            
            
            
            NVD: CVE-2020-7954

REFERENCES
url:https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5
Trust: 1.5
url:https://nvd.nist.gov/vuln/detail/cve-2020-7954
Trust: 1.4
url:https://medium.com/%40ph0rensic
Trust: 1.0
url:https://medium.com/%40ph0rensic/three-cves-on-opmon-3ca775a262f5
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7954
Trust: 0.8
url:https://medium.com/@ph0rensic
Trust: 0.7
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-7954 // 
            
            
            
            JVNDB: JVNDB-2020-001897 // 
            
            
            
            CNNVD: CNNVD-202002-178 // 
            
            
            
            NVD: CVE-2020-7954

SOURCES
db:VULMONid:CVE-2020-7954
db:JVNDBid:JVNDB-2020-001897
db:CNNVDid:CNNVD-202002-178
db:NVDid:CVE-2020-7954

LAST UPDATE DATE
2023-11-09T23:45:37.346000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2020-7954date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-001897date:2020-02-28T00:00:00
db:CNNVDid:CNNVD-202002-178date:2021-07-26T00:00:00
db:NVDid:CVE-2020-7954date:2023-11-07T03:26:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2020-7954date:2020-02-06T00:00:00
db:JVNDBid:JVNDB-2020-001897date:2020-02-28T00:00:00
db:CNNVDid:CNNVD-202002-178date:2020-02-06T00:00:00
db:NVDid:CVE-2020-7954date:2020-02-06T17:15:00