Incorrect Permission Assignment for Critical Resource

CVE-2020-10699

High

7.8/10

Summary

A flaw was found in Linux, in targetcli-fb before 2.1.53 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

Issue
Pull request
Release Note

Advisory Timeline

Published Apr 15, 2020

Incorrect Permission Assignment for Critical Resource

CVE-2020-10699

Summary

CWE-732 - Incorrect Permission Assignment for Critical Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS