Vulnerabilities > CVE-2020-13776 - Improper Privilege Management vulnerability in multiple products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

nessus

NVD

Published: 2020-06-03

Updated: 2023-11-07

Summary

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

Vulnerable Configurations

Part	Description	Count
Application	Systemd_Project Systemd Project Systemd 1 Systemd Project Systemd 2 Systemd Project Systemd 3 Systemd Project Systemd 4 Systemd Project Systemd 5 Systemd Project Systemd 6 Systemd Project Systemd 7 Systemd Project Systemd 8 Systemd Project Systemd 9 Systemd Project Systemd 10 Systemd Project Systemd 11 Systemd Project Systemd 12 Systemd Project Systemd 13 Systemd Project Systemd 14 Systemd Project Systemd 15 Systemd Project Systemd 16 Systemd Project Systemd 17 Systemd Project Systemd 18 Systemd Project Systemd 19 Systemd Project Systemd 20 Systemd Project Systemd 21 Systemd Project Systemd 22 Systemd Project Systemd 23 Systemd Project Systemd 24 Systemd Project Systemd 25 Systemd Project Systemd 26 Systemd Project Systemd 27 Systemd Project Systemd 28 Systemd Project Systemd 29 Systemd Project Systemd 30 Systemd Project Systemd 31 Systemd Project Systemd 32 Systemd Project Systemd 33 Systemd Project Systemd 34 Systemd Project Systemd 35 Systemd Project Systemd 36 Systemd Project Systemd 37 Systemd Project Systemd 38 Systemd Project Systemd 39 Systemd Project Systemd 40 Systemd Project Systemd 41 Systemd Project Systemd 42 Systemd Project Systemd 43 Systemd Project Systemd 44 Systemd Project Systemd 45 Systemd Project Systemd 46 Systemd Project Systemd 47 Systemd Project Systemd 48 Systemd Project Systemd 49 Systemd Project Systemd 50 Systemd Project Systemd 51 Systemd Project Systemd 52 Systemd Project Systemd 53 Systemd Project Systemd 54 Systemd Project Systemd 55 Systemd Project Systemd 56 Systemd Project Systemd 57 Systemd Project Systemd 58 Systemd Project Systemd 59 Systemd Project Systemd 60 Systemd Project Systemd 61 Systemd Project Systemd 62 Systemd Project Systemd 64 Systemd Project Systemd 174 Systemd Project Systemd 175 Systemd Project Systemd 176 Systemd Project Systemd 177 Systemd Project Systemd 178 Systemd Project Systemd 179 Systemd Project Systemd 180 Systemd Project Systemd 181 Systemd Project Systemd 182 Systemd Project Systemd 183 Systemd Project Systemd 184 Systemd Project Systemd 185 Systemd Project Systemd 186 Systemd Project Systemd 187 Systemd Project Systemd 188 Systemd Project Systemd 189 Systemd Project Systemd 190 Systemd Project Systemd 191 Systemd Project Systemd 192 Systemd Project Systemd 193 Systemd Project Systemd 194 Systemd Project Systemd 195 Systemd Project Systemd 196 Systemd Project Systemd 197 Systemd Project Systemd 198 Systemd Project Systemd 199 Systemd Project Systemd 200 Systemd Project Systemd 201 Systemd Project Systemd 202 Systemd Project Systemd 203 Systemd Project Systemd 204 Systemd Project Systemd 205 Systemd Project Systemd 206 Systemd Project Systemd 207 Systemd Project Systemd 208 Systemd Project Systemd 209 Systemd Project Systemd 210 Systemd Project Systemd 211 Systemd Project Systemd 212 Systemd Project Systemd 213 Systemd Project Systemd 214 Systemd Project Systemd 215 Systemd Project Systemd 216 Systemd Project Systemd 217 Systemd Project Systemd 218 Systemd Project Systemd 219 Systemd Project Systemd 220 Systemd Project Systemd 221 Systemd Project Systemd 222 Systemd Project Systemd 223 Systemd Project Systemd 224 Systemd Project Systemd 225 Systemd Project Systemd 226 Systemd Project Systemd 227 Systemd Project Systemd 228 Systemd Project Systemd 229 Systemd Project Systemd 230 Systemd Project Systemd 231 Systemd Project Systemd 232 Systemd Project Systemd 233 Systemd Project Systemd 234 Systemd Project Systemd 235 Systemd Project Systemd 236 Systemd Project Systemd 237 Systemd Project Systemd 238 Systemd Project Systemd 239 Systemd Project Systemd 240 Systemd Project Systemd 241 Systemd Project Systemd 242 Systemd Project Systemd 243 Systemd Project Systemd 244 Systemd Project Systemd 245	147
Application	Netapp Netapp Solidfire & HCI Management Node - Netapp Active IQ Unified Manager -	2
OS	Fedoraproject Fedoraproject Fedora 32	1

Common Weakness Enumeration (CWE)

CWE-269 - Improper Privilege Management

Common Attack Pattern Enumeration and Classification (CAPEC)

Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.

Nessus

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-2_0-0252_SYSTEMD.NASL
description	An update of the systemd package has been released.
last seen	2020-06-12
modified	2020-06-10
plugin id	137303
published	2020-06-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137303
title	Photon OS 2.0: Systemd PHSA-2020-2.0-0252

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References