{"vuid":"VU#280844","idnumber":"280844","name":"Cryoserver Security Appliance vulnerable to privilege escalation","keywords":["cryoserver","privilege escalation","cwe-264"],"overview":"Cryoserver Security Appliance 7.3.x is vulnerable to privilege escalation","clean_desc":"CWE-264: Permissions, Privileges, and Access Controls - Cryoserver Security Appliance 7.3.x does not properly assign permissions to the /etc/init.d/cryoserver shell script and allows the default support account to modify it using the /bin/cryo-mgmt script.","impact":"An authenticated attacker may be able to gain root access to the appliance.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Thanks to Chris Hernandez for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://www.cryoserver.com/appliance/","http://cwe.mitre.org/data/definitions/264.html"],"cveids":["CVE-2014-4867"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-08-04T12:00:25Z","publicdate":"2014-10-07T00:00:00Z","datefirstpublished":"2014-10-07T14:00:36Z","dateupdated":"2014-10-07T14:00:38Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UR","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_bas
escore":"7.7","cvss_basevector":"AV:A/AC:L/Au:S/C:C/I:C/A:C","cvss_temporalscore":"6.6","cvss_environmentalscore":"4.943037814848","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}