Privilege escalation in CNI



| Updated: 2021-08-05
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-20206
CWE-ID CWE-424
Exploitation vector Network
Public exploit N/A
Vulnerable software
 cni
Other software / Other software solutions

Vendor CNI

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Protection of Alternate Path

EUVDB-ID: #VU55590

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-20206

CWE-ID: CWE-424 - Improper Protection of Alternate Path

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the affected system.

the vulnerability exists due to improper input validation. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows a remote user to execute other existing binaries other than the cni plugins/types, such as 'reboot'.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

cni: 0.1.0 - 0.8.0

CPE2.3 External links

https://bugzilla.redhat.com/show_bug.cgi?id=1919391
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###