How severe is CVE-2020-24046?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2020-24046?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2020-24046

HIGH Year: 2020

CVSS v3 Score

7.2

High

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-269

View all →

Vulnerability Description

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login.

CVE-2012-0384

HIGH

CVSS:7.2(High)

Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2...

CWE-2692012

CVE-2017-17544

HIGH

CVSS:7.2(High)

A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations...

CWE-2692017

CVE-2017-4991

HIGH

CVSS:7.2(High)

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, an...

CWE-2692017

CVE-2017-8187

HIGH

CVSS:7.2(High)

Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certi...

CWE-2692017

CVE-2018-0610

HIGH

CVSS:7.2(High)

Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.

CWE-2692018

CVE-2018-1000634

HIGH

CVSS:7.2(High)

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restricti...

CWE-2692018

CVE-2020-24046

Vulnerability Description

Related Vulnerabilities

CVE-2012-0384

CVE-2017-17544

CVE-2017-4991

CVE-2017-8187

CVE-2018-0610

CVE-2018-1000634