{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-10699", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T11:06:11.137Z", "dateReserved": "2020-03-20T00:00:00.000Z", "datePublished": "2020-04-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-07T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root."}], "affected": [{"vendor": "Datera, Inc", "product": "targetcli", "versions": [{"version": "Fixed in targetcli-fb 2.1.52", "status": "affected"}]}], "references": [{"name": "GLSA-202008-22", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202008-22"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699"}, {"url": "https://github.com/open-iscsi/targetcli-fb/issues/162"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-732", "cweId": "CWE-732"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:06:11.137Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-202008-22", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202008-22"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699", "tags": ["x_transferred"]}, {"url": "https://github.com/open-iscsi/targetcli-fb/issues/162", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8E46FFC1-C330-4010-9473-827CE2AEC843", "vulnerable": true}, {"criteria": "cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.51:*:*:*:*:*:*:*", "matchCriteriaId": "2E3AE0CE-FF4C-42F5-855C-CE44D711EC23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en Linux, en targetcli-fb versiones 2.1.50 y 2.1.51, donde el socket utilizado por targetclid era de tipo world-writable. Si un sistema habilita el socket targetclid, un atacante local puede usar este fallo para modificar la configuraci\u00f3n de iSCSI y escalar sus privilegios a root."}], "id": "CVE-2020-10699", "lastModified": "2024-11-21T04:55:52.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-15T14:15:19.873", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/open-iscsi/targetcli-fb/issues/162"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202008-22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/open-iscsi/targetcli-fb/issues/162"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202008-22"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1933", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "targetcli-0:2.1.51-4.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}], "bugzilla": {"description": "targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands", "id": "1819219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819219"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-732", "details": ["A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.", "A flaw was found in Linux, where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root."], "mitigation": {"lang": "en:us", "value": "- Do not enable targetclid, this would prevent the socket to be created\n- Manually change the socket's permission every time it is being created :\n$ sudo chmod 0600 /var/run/targetclid.sock"}, "name": "CVE-2020-10699", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "targetcli", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Not affected", "package_name": "targetcli", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "targetcli", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10699\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10699\nhttps://github.com/open-iscsi/targetcli-fb/issues/162"], "statement": "Red Hat Enterprise Linux versions 7, 8.0 and 8.1 are not vulnerable to this flaw, because they do not ship a version of targetcli that contains the targetclid.socket socket.\nRed Hat Enterprise Linux version 8.2 is affected by this flaw.\nThis issue did not affect the version of targetcli shipped with Red Hat Ceph Storage 2 and 3, as the package did not include the support for systemd which provides targetclid.socket socket.", "threat_severity": "Important"}

{}