CVE-2020-14342

Description

It was found that cifs-utils mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

Risk Information

Base Score: 7.0 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.134

Associated Vulnerability

Vulnerability | OS Platform
SUSE-SU-2020:2728-1 (SUSE Linux Enterprise Server 12-SP5) cifs-utils-6.9-13.11.1.x86_64.rpm | Linux
SUSE-SU-2020:2728-1 (SUSE Linux Enterprise Server 12-SP5) cifs-utils-debuginfo-6.9-13.11.1.x86_64.rpm | Linux
SUSE-SU-2020:2728-1 (SUSE Linux Enterprise Server 12-SP5) cifs-utils-debugsource-6.9-13.11.1.x86_64.rpm | Linux
Common Internet File System utilities (USN-5459-1) cifs-utils_6.8-1ubuntu1.2_i386.deb | Linux
Common Internet File System utilities (USN-5459-1) cifs-utils_6.8-1ubuntu1.2_amd64.deb | Linux
Common Internet File System utilities (USN-5459-1) cifs-utils_6.9-1ubuntu0.2_amd64.deb | Linux
Common Internet File System utilities (USN-5459-1) cifs-utils_6.14-1ubuntu0.1_i386.deb | Linux
Common Internet File System utilities (USN-5459-1) cifs-utils_6.14-1ubuntu0.1_amd64.deb | Linux
Common Internet File System utilities (USN-5459-1) cifs-utils_6.11-3.1ubuntu0.1_i386.deb | Linux
Common Internet File System utilities (USN-5459-1) cifs-utils_6.11-3.1ubuntu0.1_amd64.deb | Linux

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234