CVE-2024-7062

Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://pentraze.com/vulnerability-reports/CVE-2024-7062/

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-26 12:15

Updated : 2024-07-26 12:38

NVD link : CVE-2024-7062

Mitre link : CVE-2024-7062

CVE.ORG link : CVE-2024-7062

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2024-7062", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2024-07-26T12:15:03.873", "references": [{"url": "https://pentraze.com/vulnerability-reports/CVE-2024-7062/", "source": "41c37e40-543d-43a2-b660-2fee83ea851a"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client\u2019s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations."}, {"lang": "es", "value": "Nimble Commander sufre una vulnerabilidad de escalada de privilegios debido a que el servidor (info.filesmanager.Files.PrivilegedIOHelperV2) realiza una validaci\u00f3n incorrecta o insuficiente de la autorizaci\u00f3n de un cliente antes de ejecutar una operaci\u00f3n. En consecuencia, es posible ejecutar comandos a nivel de sistema como usuario root, como cambiar permisos y propiedad, obtener un identificador (descriptor de archivo) de un archivo arbitrario y finalizar procesos, entre otras operaciones."}], "lastModified": "2024-07-26T12:38:41.683", "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a"}

8.8 /10