CVE-2022-37706

Ubuntu Enlightenment Mount Priv Esc

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.

enlightenment_sys en Enlightenment anterior a 0.25.4 permite a los usuarios locales obtener privilegios porque es setuid root, y la función de librería del sistema maneja mal los nombres de ruta que comienzan con una subcadena /dev/..

Maher Azzouzi discovered that missing input sanitising in the Enlightenment window manager may result in local privilege escalation to root.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2022-08-08 CVE Reserved
2022-09-18 First Exploit
2022-09-28 CVE Published
2025-04-14 CVE Updated
2025-05-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-269: Improper Privilege Management

CAPEC

References (15)

URL	Tag	Source
https://twitter.com/maherazz2/status/1569665311707734023

URL	Date	SRC
https://packetstorm.news/files/id/170339	2022-12-27
https://packetstorm.news/files/id/168634	2022-10-05
https://www.exploit-db.com/exploits/51180	2023-04-01
https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit	2025-04-14
https://github.com/ECU-10525611-Xander/CVE-2022-37706	2022-09-18
https://github.com/junnythemarksman/CVE-2022-37706	2024-06-03
https://github.com/sanan2004/CVE-2022-37706	2024-08-18
https://github.com/AleksPwn/CVE-2022-37706	2024-07-04
https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID	2024-07-20
https://github.com/GrayHatZone/CVE-2022-37706-LPE-exploit	2022-09-19
https://github.com/KaoXx/CVE-2022-37706	2024-09-10
https://github.com/d3ndr1t30x/CVE-2022-37706	2024-12-10

URL	Date	SRC
https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef123e4abaf63a1f5064	2023-01-04
https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141	2023-01-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Enlightenment Search vendor "Enlightenment"		Enlightenment Search vendor "Enlightenment" for product "Enlightenment"				< 0.25.4 Search vendor "Enlightenment" for product "Enlightenment" and version " < 0.25.4"		-		Affected