Vendor: Snap Server 410
By: Anonymous
CVSS: 7.2 (HIGH)
Privilege Escalation
CWE: 264
Product Name: Snap Server 410
Affected Version From: 5.1.1941
Affected Version To: 5.1.1941
Patch Exists: YES
Related CWE: N/A
CPE: o:snap_appliance:snap_server_410
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2020
Privilege Escalation on Snap Server 410
When logged in to the CLI via SSH as admin (uid=1), you can escalate your privileges to uid 0 and get /bin/sh. To achieve this, open 'less', which is available by default for viewing files (e.g. less /tmp/top.log), and type '!/bin/sh'. This gives you direct access to an sh shell with UID 0. Tested only on the OS version listed above.
Mitigation:
Ensure that the system is running the latest version of the OS and that all security patches are applied.