CVE-2018-20052 — HIGH (7.8)

Q: How severe is CVE-2018-20052?

CVE-2018-20052 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-20052?

Check the references section above for vendor advisories and patch information. Affected products include: Cerner Connectivity Engine 4 Firmware, Cerner Connectivity Engine 4.

Vulnerability Description

An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cerner	Connectivity Engine 4 Firmware	< 201812
Cerner	Connectivity Engine 4	-

Related Weaknesses (CWE)

CWE-1188

References

https://www.securifera.com/advisories/cve-2018-20052-20053/Third Party Advisory
https://www.securifera.com/advisories/cve-2018-20052-20053/Third Party Advisory

FAQ

What is CVE-2018-20052?

CVE-2018-20052 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privilege...

How severe is CVE-2018-20052?

CVE-2018-20052 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20052?

Check the references section above for vendor advisories and patch information. Affected products include: Cerner Connectivity Engine 4 Firmware, Cerner Connectivity Engine 4.