CVE-2021-29005
First published: Mon Oct 11 2021(Updated: )
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | =3.9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-29005?
CVE-2021-29005 is a vulnerability in rConfig server 3.9.6 that allows an attacker with low privilege to gain root access on the server.
How severe is CVE-2021-29005?
CVE-2021-29005 is classified as critical with a severity score of 8.8.
Which software version is affected by CVE-2021-29005?
rConfig server 3.9.6 is affected by CVE-2021-29005.
How can an attacker exploit CVE-2021-29005?
An attacker with low privilege can exploit CVE-2021-29005 by executing chmod as root without a password, potentially gaining root access on the server.
Is there a proof of concept for CVE-2021-29005?
Yes, there is a proof of concept script available at https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.6