HylaFAX+ through 7.0.2 and HylaFAX... CVE-2020-15397

- AV AC AU C I A
发布: 2020-06-30
修订: 2020-07-16

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).

0%
暂无可用Exp或PoC
产品及版本信息(CPE)暂不可用