Main Vulnerability Database SB2020061608

SB2020061608 - Privilege escalation in targetcli-fb

Published: June 16, 2020

Security Bulletin ID SB2020061608

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect default permissions (CVE-ID: CVE-2020-13867)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for /etc/target (and for the backup directory and backup files). A remote attacker can view contents of files and directories or modify them.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://github.com/open-iscsi/targetcli-fb/pull/172
https://github.com/open-iscsi/targetcli-fb/commit/493b62ee9e2b1d827d2faad8c77de6a89c7e21a9