What the vulnerability does
01Description
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
CVE-2022-2104
CRITICAL
CVE-2022-2104: Secheron SEPCOS Control and Protection Relay
CVSS base score
9.9/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
June 24, 2022
CVE published
April 16, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-8263
CVE-2023-47868 WordPress wpForo plugin <= 2.2.3 - Privilege Escalation vulnerability
CVE-2020-7305 DLP ePO extension - Privilege escalation
CVE-2021-21430 Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
CVE-2024-22068 Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router
