Main
Vulnerability Database
Exploits
ID:1875 - Exploit for Privilage Escalation in Meinberg products - CVE-2016-3989
ID:1875 - Exploit for Privilage Escalation in Meinberg products - CVE-2016-3989
Published: March 18, 2020
Vulnerability identifier: #VU57
Vulnerability risk: High
CVE-ID: CVE-2016-3989
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
IMS-LANTIME M1000
IMS-LANTIME M500
LANTIME M900
LANTIME M600
LANTIME M400
LANTIME M200
LANTIME M100
SyncFire 1100
LCES
IMS-LANTIME M1000
IMS-LANTIME M500
LANTIME M900
LANTIME M600
LANTIME M400
LANTIME M200
LANTIME M100
SyncFire 1100
LCES
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute privilage escalation.
The vulnerability exists due to weak access controls, that allow for privilege escalation from “nobody” to “root” user. “nobody” has permissions to alter script that can only run as “root.”
Successful exploitation of this vulnerability may result in escalation to root privileges.
The vulnerability exists due to weak access controls, that allow for privilege escalation from “nobody” to “root” user. “nobody” has permissions to alter script that can only run as “root.”
Successful exploitation of this vulnerability may result in escalation to root privileges.
Remediation
Meinberg has produced a new firmware Version 6.20.004.