- Description
- The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:overlandstorage:snap_server_410:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B085438-252F-4F9F-A47F-2FB4B64B13D1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:overlandstorage:guardianos:5.1.041:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DCC43A7-3A7C-490E-9A4C-162D47F2C646"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]