CVE-2024-48911 MEDIUM

CVE-2024-48911: OpenCanary Executes Commands From Potentially Writable Config File

Vendor Thinkst

Product opencanary

Weakness CWE-863 · Incorrect authorization

Published October 14, 2024

Last update October 15, 2024

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.

Key dates

02Disclosure timeline

October 14, 2024 CVE published

October 15, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-48911 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

CVE-2024-48911: OpenCanary Executes Commands From Potentially Writable Config File

01Description

02Disclosure timeline

03References

04Related CVE