CVE-2020-10699 - OpenCVE

A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
Targetcli-fb Project	Targetcli-fb

Configuration 1 [-]

OR	cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.50:::::::*
	cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.51:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
targetcli-0:2.1.51-4.el8_2	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:1933	2020-04-28T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699
https://github.com/open-iscsi/targetcli-fb/issues/162
https://nvd.nist.gov/vuln/detail/CVE-2020-10699
https://security.gentoo.org/glsa/202008-22
https://www.cve.org/CVERecord?id=CVE-2020-10699

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-04-15T00:00:00

Updated: 2024-08-04T11:06:11.137Z

Reserved: 2020-03-20T00:00:00

Link: CVE-2020-10699

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-15T14:15:19.873

Modified: 2023-11-07T03:14:14.607

Link: CVE-2020-10699

Redhat

Severity : Important

Publid Date: 2020-03-23T00:00:00Z

Links: CVE-2020-10699 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8E46FFC1-C330-4010-9473-827CE2AEC843", "vulnerable": true}, {"criteria": "cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.51:*:*:*:*:*:*:*", "matchCriteriaId": "2E3AE0CE-FF4C-42F5-855C-CE44D711EC23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en Linux, en targetcli-fb versiones 2.1.50 y 2.1.51, donde el socket utilizado por targetclid era de tipo world-writable. Si un sistema habilita el socket targetclid, un atacante local puede usar este fallo para modificar la configuraci\u00f3n de iSCSI y escalar sus privilegios a root."}], "id": "CVE-2020-10699", "lastModified": "2023-11-07T03:14:14.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-04-15T14:15:19.873", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/open-iscsi/targetcli-fb/issues/162"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202008-22"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1933", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "targetcli-0:2.1.51-4.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}], "bugzilla": {"description": "targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands", "id": "1819219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819219"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-732", "details": ["A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.", "A flaw was found in Linux, where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root."], "mitigation": {"lang": "en:us", "value": "- Do not enable targetclid, this would prevent the socket to be created\n- Manually change the socket's permission every time it is being created :\n$ sudo chmod 0600 /var/run/targetclid.sock"}, "name": "CVE-2020-10699", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "targetcli", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Not affected", "package_name": "targetcli", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "targetcli", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10699\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10699\nhttps://github.com/open-iscsi/targetcli-fb/issues/162"], "statement": "Red Hat Enterprise Linux versions 7, 8.0 and 8.1 are not vulnerable to this flaw, because they do not ship a version of targetcli that contains the targetclid.socket socket.\nRed Hat Enterprise Linux version 8.2 is affected by this flaw.\nThis issue did not affect the version of targetcli shipped with Red Hat Ceph Storage 2 and 3, as the package did not include the support for systemd which provides targetclid.socket socket.", "threat_severity": "Important", "upstream_fix": "targetcli-fb 2.1.52"}