CVE-2020-24848

Type:

Unavailable / Other

Severity:

High

Publication date:

10/23/2020

Last modified:

11/02/2020

Description

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.

Impact

Access Vector: Local

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability

Vulnerable software and versions

cpe:2.3:a:fruitywifi_project:fruitywifi:*:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

https://gist.github.com/harsh-bothra/5be73cfd53f1c5bea307c702ae83ff42 (Source: MISC)
https://github.com/xtr4nge/FruityWifi/issues/278 (Source: MISC)

Explanation of fields

Corporate access

CVE-2020-24848