- Description
- telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
- Source
- cve@mitre.org
- NVD status
- Modified
- Products
- inetutils
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- cve@mitre.org
- CWE-829
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6381CFAE-9A10-40ED-BC93-1DB55CB44327",
"versionEndIncluding": "2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]