First published: Tue Apr 14 2020(Updated: )
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.6.1 | |
Mbconnectline Mymbconnect24 | <=2.6.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10384 is a local privilege escalation vulnerability in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software.
The severity of CVE-2020-10384 is high, with a CVSS score of 7.8.
CVE-2020-10384 affects the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions up to 2.6.1.
The CWE ID for CVE-2020-10384 is 269.
To fix CVE-2020-10384, it is recommended to update the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software to version 2.6.2 or newer.