CVE-2020-25507

HIGH

TeamworkCloud 18.0-19.0 - Incorrect Permission Assignment for Critical Resource via Installation Script

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25507. PoCs published by sickcodes.

AI-analyzed exploit summary This repository contains a script for installing Teamwork Cloud 19.0, which is referenced in the context of CVE-2020-25507. The script itself is not an exploit but provides setup instructions for the vulnerable software, with clear warnings not to execute it.

Description

An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code, as twcloud. This product was previous named Cameo Enterprise Data Warehouse (CEDW).

Exploits (1)

github WRITEUP 89 stars

by sickcodes · shellpoc

https://github.com/sickcodes/security/tree/master/etc/CVE-2020-25507_install_twc19_centos7.sh

View Code ZIP pw:eip

This repository contains a script for installing Teamwork Cloud 19.0, which is referenced in the context of CVE-2020-25507. The script itself is not an exploit but provides setup instructions for the vulnerable software, with clear warnings not to execute it.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Teamwork Cloud 19.0

No auth needed

Prerequisites: CentOS 7 environment · sudo privileges

MITRE ATT&CK