Vulnerability CVE-2020-10699

Vulnerability Name:

CVE-2020-10699 (CCN-180968)

Assigned:

2020-03-23

Published:

2020-03-23

Updated:

2022-11-16

Summary:

A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-732

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2020-10699

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699

Source: XF
Type: UNKNOWN
targetclifb-cve202010699-priv-esc(180968)

Source: CCN
Type: targetcli-fb GIT Repository
/var/run/targetclid.sock is world writable #162

Source: MISC
Type: Third Party Advisory
https://github.com/open-iscsi/targetcli-fb/issues/162

Source: GENTOO
Type: Third Party Advisory
GLSA-202008-22

Source: CCN
Type: IBM Security Bulletin 6367943 (Spectrum Protect Plus)
Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus

Vulnerable Configuration:

Configuration 1:

cpe:/a:targetcli-fb_project:targetcli-fb:2.1.51:*:*:*:*:*:*:*

OR cpe:/a:targetcli-fb_project:targetcli-fb:2.1.50:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202010699	V	CVE-2020-10699	2023-06-22
oval:org.opensuse.security:def:7787	P	python3-targetcli-fb-2.1.54-150500.6.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3184	P	libhogweed2-2.7.1-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94814	P	python3-targetcli-fb-2.1.54-150400.1.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:293	P	python3-targetcli-fb-2.1.53-1.12 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:878	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:113306	P	python36-targetcli-fb-2.1.54-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:69970	P	Security update for fetchmail (Moderate)	2021-12-14
oval:org.opensuse.security:def:1222	P	Security update for the Linux Kernel (Important)	2021-11-11
oval:org.opensuse.security:def:106716	P	python36-targetcli-fb-2.1.54-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:100647	P	(Important)	2021-08-17
oval:org.opensuse.security:def:101069	P	python3-targetcli-fb-2.1.53-1.12 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62311	P	python3-targetcli-fb-2.1.53-1.12 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72052	P	python3-targetcli-fb-2.1.53-1.12 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:69865	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:116871	P	python3-targetcli-fb-2.1.52-1.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71708	P	python3-targetcli-fb-2.1.52-1.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93934	P	python3-targetcli-fb-2.1.52-1.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107313	P	python3-targetcli-fb-2.1.52-1.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61967	P	python3-targetcli-fb-2.1.52-1.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:73305	P	python3-targetcli-fb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49265	P	libxslt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49319	P	python3-targetcli-fb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73187	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66522	P	librsync-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66614	P	python3-targetcli-fb on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20201933	P	RHSA-2020:1933: targetcli security update (Important)	2020-04-28

BACK