Privilege Escalation - CVE-2016-4477
Published: October 11, 2016
Vulnerability identifier: #VU833
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4477
CWE-ID: CWE-88
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness exists due to access control error. Updating of the local configuration through the control interface
SET_NETWORK command lets attackers to run code from a localy strored library file under the same privileges as the wpa _supplicant process has.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
The weakness exists due to access control error. Updating of the local configuration through the control interface
SET_NETWORK command lets attackers to run code from a localy strored library file under the same privileges as the wpa _supplicant process has.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
How to mitigate CVE-2016-4477
Update to version 1:2.6-1.