Home / Early Warning / Vulnerabilidades / CVE-2020-24848

CVE-2020-24848

Type: 
Unavailable / Other
Severity: 
High
Publication date: 
10/23/2020
Last modified: 
11/02/2020
Description
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
Impact
Access Vector: Local
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability
Vulnerable software and versions
  • cpe:2.3:a:fruitywifi_project:fruitywifi:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields