Vulnerability Description
Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Loxone | Miniserver Go Gen 2 Firmware | <= 14.0.3.28 |
| Loxone | Miniserver Go Gen 2 | - |
Related Weaknesses (CWE)
References
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-004.t (Exploit, Third Party Advisory)
- https://www.syss.de/pentest-blog/root-zugang-zu-smarthome-server-loxone-miniserv (Third Party Advisory)
FAQ
What is CVE-2023-36624?
CVE-2023-36624 is a vulnerability with a CVSS score of 7.8 (HIGH). Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.
How severe is CVE-2023-36624?
CVE-2023-36624 has been rated HIGH with a CVSS base score of 7.8/10. See the CVSS Score section above.
Is there a patch for CVE-2023-36624?
Check the references section above for vendor advisories and patch information. Affected products include: Loxone Miniserver Go Gen 2 Firmware, Loxone Miniserver Go Gen 2.