CVE-2015-7556
DeleGate 9.9.13 - Local Privilege Escalation
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.
DeleGate versiĆ³n 9.9.13, permite a usuarios locales alcanzar privilegios como es demostrado por el programa dgcpnod setuid.
Installation of DeleGate version 9.9.13 sets some binaries setuid root and at least one of these binaries can be used to escalate the privileges of a local user. The binary dgcpnod creates a node allowing a local unprivileged user to create files anywhere on disk. By creating a file in /etc/cron.hourly a local user can execute commands as root.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-09-29 CVE Reserved
- 2015-12-30 CVE Published
- 2015-12-30 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/39134 | 2015-12-30 | |
| http://seclists.org/fulldisclosure/2015/Dec/123 | 2024-08-06 | |
| http://www.vapidlabs.com/advisory.php?v=159 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|