Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2020-8023

Disclosure Date: July 06, 2020 •

CVE-2020-8023 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

SUSE Enterprise Storage 5 2.4.41-18.71.2

SUSE Linux Enterprise Debuginfo 11-SP3 2.4.26-0.74.13.1,

SUSE Linux Enterprise Debuginfo 11-SP4 2.4.26-0.74.13.1,

SUSE Linux Enterprise Point of Sale 11-SP3 2.4.26-0.74.13.1,

SUSE Linux Enterprise Server 11-SECURITY 2.4.26-0.74.13.1

SUSE Linux Enterprise Server 11-SP4-LTSS 2.4.26-0.74.13.1,

SUSE Linux Enterprise Server 12-SP2-BCL 2.4.41-18.71.2

SUSE Linux Enterprise Server 12-SP2-LTSS 2.4.41-18.71.2

SUSE Linux Enterprise Server 12-SP3-BCL 2.4.41-18.71.2

SUSE Linux Enterprise Server 12-SP3-LTSS 2.4.41-18.71.2

SUSE Linux Enterprise Server 12-SP4 2.4.41-18.71.2

SUSE Linux Enterprise Server 12-SP5 2.4.41-18.71.2

SUSE Linux Enterprise Server 15-LTSS 2.4.46-9.31.1

SUSE Linux Enterprise Server for SAP 12-SP2 2.4.41-18.71.2

SUSE Linux Enterprise Server for SAP 12-SP3 2.4.41-18.71.2

SUSE Linux Enterprise Server for SAP 15 2.4.46-9.31.1

SUSE OpenStack Cloud 7 2.4.41-18.71.2

SUSE OpenStack Cloud 8 2.4.41-18.71.2

SUSE OpenStack Cloud Crowbar 8 2.4.41-18.71.2

openSUSE Leap 15.1 2.4.46-lp151.10.12.1

openSUSE Leap 15.2 2.4.46-lp152.14.3.1

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

References

Canonical

CVE-2020-8023 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8023)

Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1172698

Rapid7

Unknown

CVE-2020-8023

Unknown

Unknown

None

Low

Local

CVE-2020-8023

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2020-8023

Unknown

Unknown

None

Low

Local

CVE-2020-8023

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification