Moderate
CVE-2021-29449
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2021-29449
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.
Add Assessment
Ratings
-
Attacker ValueMedium
-
ExploitabilityHigh
Technical Analysis
There are 3 vulnerabilities associated with this CVE, all are priv esc. All three use the same simple trick to execute while being sent to sed from the command line. www-data by default is listed in the sudoers file to run pihole.
removestaticdhcp command requires /etc/dnsmasq.d/04-pihole-static-dhcp.conf, and is exploitable from 3.0-5.2.4.
removecustomdns command requires /etc/pihole/custom.list, and is exploitable from 5.1-5.2.4.
removecustomcname command requires /etc/dnsmasq.d/05-pihole-custom-cname.conf, and is exploitable from 5.0-5.2.4.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- pi-hole
Products
- pi-hole
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
