Vulnerability Name:

CVE-2020-15397 (CCN-184332)

Assigned:2020-06-30
Published:2020-06-30
Updated:2022-07-12
Summary:HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-732
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-15397

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:1209

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:1210

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:1231

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:1438

Source: CCN
Type: Bugzilla – Bug 1173519
(CVE-2020-15397) VUL-0: CVE-2020-15397: hylafax+: Sourcing of files into binaries from user writeable directories

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1173519

Source: XF
Type: UNKNOWN
hylafax-cve202015397-code-exec(184332)

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-01eb48bcce

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-8aa8793d25

Source: GENTOO
Type: UNKNOWN
GLSA-202007-06

Source: CCN
Type: SourceForge HylaFAX+ Project Web site
Commit [r2534]

Source: MISC
Type: Patch, Third Party Advisory
https://sourceforge.net/p/hylafax/HylaFAX+/2534/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hylafax+_project:hylafax+:*:*:*:*:*:*:*:* (Version <= 7.0.2)

    • Configuration 2:
  • cpe:/a:ifax:hylafax_enterprise:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202015397
    V
    		CVE-2020-15397
    2022-06-30
    oval:org.opensuse.security:def:112415
    P
    		hylafax+-7.0.3-5.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:64786
    P
    		Security update for apache2 (Important)
    2021-10-26
    oval:org.opensuse.security:def:105922
    P
    		hylafax+-7.0.3-5.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:63239
    P
    		spice-gtk-devel-0.35-1.48 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:64577
    P
    		Security update for xen (Moderate)
    2021-09-18
    oval:org.opensuse.security:def:64576
    P
    		Security update for libcroco (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:63433
    P
    		liblcms2-2-32bit-2.9-3.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63093
    P
    		libcgroup-devel-0.41.rc1-1.10.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62814
    P
    		libsrtp-devel-1.6.0-2.19 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63036
    P
    		perl-PerlMagick-7.0.7.34-10.15.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63029
    P
    		osc-0.172.0-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63033
    P
    		perl-DNS-LDNS-1.7.0-4.3.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63061
    P
    		java-1_8_0-ibm-1.8.0_sr5.11-1.5 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:63532
    P
    		dia-0.97.3-2.32 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:64684
    P
    		Security update for java-11-openjdk (Important)
    2021-05-11
    oval:org.opensuse.security:def:64482
    P
    		Security update for libnettle (Important)
    2021-04-28
    oval:org.opensuse.security:def:62614
    P
    		PackageKit-1.1.13-2.16 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62613
    P
    		NetworkManager-1.22.6-1.36 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63295
    P
    		python3-pywbem-0.11.0-2.21 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62637
    P
    		gnome-shell-search-provider-nautilus-3.34.2-2.25 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:64440
    P
    		Security update for python (Important)
    2020-12-02
    oval:org.opensuse.security:def:74898
    P
    		Security update for mariadb-connector-c (Important)
    2020-12-01
    oval:org.opensuse.security:def:64328
    P
    		libgstgl-1_0-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63986
    P
    		Security update for e2fsprogs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63882
    P
    		Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:74548
    P
    		Security update for hylafax+ (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64956
    P
    		Security update for libbsd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64226
    P
    		chrony on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63659
    P
    		Security update for webkit2gtk3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:75031
    P
    		Security update for hylafax+ (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64370
    P
    		libpolkit0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64120
    P
    		Security update for xrdp (Important)
    2020-12-01
    oval:org.opensuse.security:def:63735
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:74422
    P
    		Security update for libpcap (Important)
    2020-12-01
    oval:org.opensuse.security:def:64111
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:64844
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:109704
    P
    		Security update for hylafax+ (Moderate)
    2020-09-15
    oval:org.opensuse.security:def:103047
    P
    		Security update for hylafax+ (Moderate)
    2020-09-15
    oval:org.opensuse.security:def:96357
    P
    		Security update for hylafax+ (Moderate)
    2020-09-15
    oval:org.opensuse.security:def:100218
    P
    		 (Moderate)
    2020-08-19
    oval:org.opensuse.security:def:93505
    P
    		Security update for hylafax+ (Moderate)
    2020-08-18
    oval:org.opensuse.security:def:110172
    P
    		Security update for hylafax+ (Moderate)
    2020-08-14
    oval:org.opensuse.security:def:110726
    P
    		Security update for hylafax+ (Moderate)
    2020-08-14
    BACK
    hylafax+_project hylafax+ *
    ifax hylafax enterprise -