ajenti 2.1.31 API privilegier eskalering

I ajenti 2.1.31 var en kritisksvag punkt finns. Som påverkar en okänd funktion av komponenten API. Manipulering en okänd ingång leder till en sårbarhet klass privilegier eskalering svag punkt. Den rådgivande finns tillgänglig för nedladdning på exploit-db.com. Denna svaga punkt behandlas som CVE-2019-25066. Attacken på nätet kan. Han deklarerade proof-of-concept. Den exploit kan laddas ner från exploit-db.com. En uppgradering till den version 2.1.32 att åtgärda problemet. Plåstret kan laddas ner från github.com. Som bläst uppdatera till den senaste versionen åtgärder rekommenderas. En möjlig åtgärd har utfärdats före och inte efter offentliggörandet.

Fält04/06/2022 10:0017/01/2024 08:4517/01/2024 08:48
nameajentiajentiajenti
version2.1.312.1.312.1.31
componentAPIAPIAPI
risk222
cvss2_vuldb_basescore6.06.06.0
cvss2_vuldb_tempscore4.24.24.2
cvss2_vuldb_avNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore6.36.37.1
cvss3_meta_tempscore5.25.26.8
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore5.25.25.2
cvss3_vuldb_avNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
date1571011200 (14/10/2019)1571011200 (14/10/2019)1571011200 (14/10/2019)
locationExploit-DBExploit-DBExploit-DB
typeExploitExploitExploit
urlhttps://www.exploit-db.com/exploits/47497https://www.exploit-db.com/exploits/47497https://www.exploit-db.com/exploits/47497
identifierEDB-ID 47497EDB-ID 47497EDB-ID 47497
person_nameJeremy BrownJeremy BrownJeremy Brown
availability111
date1571011200 (14/10/2019)1571011200 (14/10/2019)1571011200 (14/10/2019)
publicity111
urlhttps://www.exploit-db.com/exploits/47497https://www.exploit-db.com/exploits/47497https://www.exploit-db.com/exploits/47497
developer_nameJeremy BrownJeremy BrownJeremy Brown
price_0day$0-$5k$0-$5k$0-$5k
nameUpgradeUpgradeUpgrade
upgrade_version2.1.322.1.322.1.32
exploitdb474974749747497
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcUCUCUC
cvss3_vuldb_ePPP
cvss3_vuldb_rlOOO
cvss3_vuldb_rcUUU
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
exploitdb_date1571011200 (14/10/2019)1571011200 (14/10/2019)1571011200 (14/10/2019)
cwe269 (privilegier eskalering)269 (privilegier eskalering)269 (privilegier eskalering)
patch_name7aa146b724e0e20cfee2c71ca78fafbf53a8767c7aa146b724e0e20cfee2c71ca78fafbf53a8767c7aa146b724e0e20cfee2c71ca78fafbf53a8767c
patch_urlhttps://github.com/ajenti/ajenti/commit/7aa146b724e0e20cfee2c71ca78fafbf53a8767chttps://github.com/ajenti/ajenti/commit/7aa146b724e0e20cfee2c71ca78fafbf53a8767chttps://github.com/ajenti/ajenti/commit/7aa146b724e0e20cfee2c71ca78fafbf53a8767c
cveCVE-2019-25066CVE-2019-25066CVE-2019-25066
responsibleVulDBVulDBVulDB
cve_assigned1654293600 (04/06/2022)1654293600 (04/06/2022)
cve_nvd_summaryA vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore6.5
cvss3_nvd_basescore8.8
cvss3_cna_basescore6.3

TidigareÖversiktNästa

Interested in the pricing of exploits?

See the underground prices here!