CVE-2014-7302

HIGH

SGI Tempo - Incorrect Default Permissions via vx Binary

Title source: llm

Description

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html

Exploit, Third Party Advisory x_refsource_misc

https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 19.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

hp/sgi_tempo

Published Jan 27, 2020

Tracked Since Feb 18, 2026