CVE-2012-2095

WICD < 1.7.2 - Unauthenticated Privilege Escalation via D-Bus SetWiredProperty

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2095. PoCs published by anonymous.

AI-analyzed exploit summary This exploit targets a vulnerability in WICD <= 1.7.1, allowing arbitrary script execution as root by manipulating wireless network properties via D-Bus. The exploit sets a malicious 'beforescript' property and triggers it by connecting to a network.

Description

The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · pythonlocallinux

https://www.exploit-db.com/exploits/18733

View Code ZIP pw:eip

This exploit targets a vulnerability in WICD <= 1.7.1, allowing arbitrary script execution as root by manipulating wireless network properties via D-Bus. The exploit sets a malicious 'beforescript' property and triggers it by connecting to a network.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: WICD <= 1.7.1

No auth needed

Prerequisites: WICD installed and running · D-Bus access · Network interface available

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1569.002 - Service Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48759

Issue Tracking x_refsource_misc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/52987

Various Sources x_refsource_confirm

https://launchpad.net/wicd/+announcement/9888

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/11/2

Issue Tracking x_refsource_confirm

https://bugs.launchpad.net/wicd/+bug/979221

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49657

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079055.html

Various Sources x_refsource_misc

http://www.infosecinstitute.com/courses/ethical-hacking-wicd-0day.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079029.html

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/11/3

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18733

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-201206-08.xml

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079025.html

Various Sources x_refsource_confirm

http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751

Scores

EPSS 0.0080

EPSS Percentile 51.8%

Details

CWE

CWE-20

Status published

Products (23)

david_paleino/wicd 1.2.7

david_paleino/wicd 1.3.1

david_paleino/wicd 1.4.0

david_paleino/wicd 1.4.1

david_paleino/wicd 1.4.2

david_paleino/wicd 1.5.0

david_paleino/wicd 1.5.1

david_paleino/wicd 1.5.2

david_paleino/wicd 1.5.3

david_paleino/wicd 1.5.4

... and 13 more

Published Apr 07, 2014

Tracked Since Feb 18, 2026