Victron Energy Venus OS up to 2.72 Local Privilege Escalation


A vulnerability classified as critical was found in Victron Energy Venus OS up to 2.72. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 07/19/2021 10:10 PM | 07/22/2021 10:47 AM |
|---|---|---|
| cvss3_vuldb_av | P | P |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_vuldb_rc | R | R |
| url | https://github.com/victronenergy/venus/issues/836 | https://github.com/victronenergy/venus/issues/836 |
| disputed | 1 | 1 |
| cve | CVE-2021-36797 | CVE-2021-36797 |
| vendor | Victron Energy | Victron Energy |
| name | Venus OS | Venus OS |
| version | <=2.72 | <=2.72 |
| date | 1626645600 (07/19/2021) | 1626645600 (07/19/2021) |
| cvss2_vuldb_av | L | L |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_vuldb_rc | UR | UR |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 7.2 | 7.2 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 |
| cvss3_vuldb_basescore | 6.8 | 6.8 |
| cvss3_vuldb_tempscore | 6.6 | 6.6 |
| cvss3_meta_basescore | 6.8 | 6.8 |
| cvss3_meta_tempscore | 6.6 | 6.6 |
| price_0day | $0-$5k | $0-$5k |

cve_assigned: 1626645600

cve_nvd_summary: ** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter's opinion about an alleged "security best practices" violation.
