Main Vulnerability Database SB2016062907

SB2016062907 - Privilage Escalation in IMS-LANTIME M3000

Published: June 29, 2016 Updated: November 22, 2018

Security Bulletin ID SB2016062907

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilage Escalation (CVE-ID: CVE-2016-3989)

The vulnerability allows a remote attacker to execute privilage escalation.

The vulnerability exists due to weak access controls, that allow for privilege escalation from “nobody” to “root” user. “nobody” has permissions to alter script that can only run as “root.”

Successful exploitation of this vulnerability may result in escalation to root privileges.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03

SB2016062907 - Privilage Escalation in IMS-LANTIME M3000

Breakdown by Severity

Description

Remediation

References

Please verify you're human