upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
References
Link | Resource |
---|---|
https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-Escalation-ViewPower.html | Exploit Patch Technical Description Third Party Advisory |
https://www.power-software-download.com/viewpower.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-16T12:32:01
Updated: 2022-08-16T12:32:01
Reserved: 2021-04-11T00:00:00
Link: CVE-2021-30490
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-16T13:15:08.250
Modified: 2022-08-17T20:47:57.200
Link: CVE-2021-30490
JSON object: View
Redhat Information
No data.
CWE