#VU29037 Incorrect default permissions in targetcli-fb - CVE-2020-13867

Cybersecurity Help s.r.o.

Published: 2020-06-16

Vulnerability identifier: #VU29037

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-13867

CWE-ID: CWE-276

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
targetcli-fb
Other software / Other software solutions

Vendor: Open-iSCSI

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for /etc/target (and for the backup directory and backup files). A remote attacker can view contents of files and directories or modify them.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

targetcli-fb: 2.1.50 - 2.1.52

External links
https://github.com/open-iscsi/targetcli-fb/pull/172
https://github.com/open-iscsi/targetcli-fb/commit/493b62ee9e2b1d827d2faad8c77de6a89c7e21a9

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 20.03 LTS SP3 update for targetcli

openEuler 20.03 LTS SP1 update for targetcli

CentOS 7 update for targetcli

Red Hat Enterprise Linux 7 update for targetcli

Red Hat Enterprise Linux 8 update for targetcli

Gentoo update for targetcli-fb

OpenSUSE Linux update for targetcli-fb

Incorrect default permissions in targetcli (Alpine package)

Privilege escalation in targetcli-fb