CVE-2022-29549
HIGH
Qualys Cloud Agent for Linux < 2.5.548.2 - Privilege Escalation via Unchecked Program Execution
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user.
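The weakness the description names is a missing pre-execution check: the agent runs a fixed pathname as root without confirming that root controls it. The script below is an added example, not Qualys code and not taken from the advisory. It performs the check a hardened agent (or a defender measuring exposure on a host) would want: every component of the resolved path must be owned by a trusted uid and must not be group- or world-writable, because a writable or non-root-owned directory anywhere on the chain lets a local user swap the binary that root will execute. The only pathname taken from the page is /opt/firebird/bin/isql; the function names, the `trusted_uids` and `stop_at` parameters, and the temporary directory layout built by `demo()` are this example's own assumptions.

```python
import os
import stat
import tempfile
from dataclasses import dataclass

# The one pathname the advisory names explicitly. Any other program an agent
# executes by absolute path would be audited the same way.
ADVISORY_PATHS = ["/opt/firebird/bin/isql"]


@dataclass
class Finding:
    program: str    # the executable being audited
    component: str  # the path element the problem was found on
    reason: str


def _chain(path):
    """Return [path, parent, grandparent, ..., '/'] for an absolute path."""
    chain = []
    while True:
        chain.append(path)
        parent = os.path.dirname(path)
        if parent == path:
            return chain
        path = parent


def audit_executable(program, trusted_uids=(0,), stop_at=None):
    """Return the reasons `program` cannot be trusted as root-installed ([] if clean).

    Symlinks are resolved first so the chain checked is the one exec() would
    follow. Each component is flagged if its owner is not a trusted uid or if
    it carries a group/world write bit (CWE-354: executing without verifying
    ownership or integrity). `stop_at` is a directory whose own ancestors are
    taken as trusted; by default the walk continues to '/'.
    """
    resolved = os.path.realpath(program)
    stop = os.path.realpath(stop_at) if stop_at else None
    findings = []
    for component in _chain(resolved):
        try:
            st = os.lstat(component)
        except FileNotFoundError:
            # A missing element is itself worth reporting: if a parent is
            # writable, an attacker can create it.
            findings.append(Finding(program, component, "does not exist"))
        else:
            if st.st_uid not in trusted_uids:
                findings.append(Finding(program, component,
                                        f"owned by uid {st.st_uid}, not a trusted uid"))
            if st.st_mode & stat.S_IWOTH:
                findings.append(Finding(program, component, "world-writable"))
            elif st.st_mode & stat.S_IWGRP:
                findings.append(Finding(program, component,
                                        f"group-writable (gid {st.st_gid})"))
        if stop is not None and component == stop:
            break
    return findings


def demo(root=None):
    """Constructed sample: rebuild the advisory's /opt/firebird/bin/isql layout
    under a temp dir and audit it in three states. Returns {state: findings}.
    The current user stands in for root because the demo cannot chown."""
    root = root or tempfile.mkdtemp(prefix="cve-2022-29549-")
    firebird = os.path.join(root, "opt", "firebird")
    prog = os.path.join(firebird, "bin", "isql")
    os.makedirs(os.path.dirname(prog), exist_ok=True)
    for d in (os.path.join(root, "opt"), firebird, os.path.dirname(prog)):
        os.chmod(d, 0o755)  # normalise regardless of the caller's umask
    with open(prog, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(prog, 0o755)
    me = (os.getuid(),)
    results = {"clean": audit_executable(prog, me, stop_at=root)}
    os.chmod(firebird, 0o775)  # the firebird group can now replace bin/
    results["group_writable_dir"] = audit_executable(prog, me, stop_at=root)
    os.chmod(prog, 0o777)      # anyone can now overwrite the binary itself
    results["world_writable_binary"] = audit_executable(prog, me, stop_at=root)
    return results


if __name__ == "__main__":
    for path in ADVISORY_PATHS:          # live host: is this pathname safe for root to run?
        for f in audit_executable(path):
            print(f"{f.program}: {f.component}: {f.reason}")
    for state, found in demo().items():  # constructed tree: what each state reports
        print(state, [(f.component.rsplit('/', 1)[-1], f.reason) for f in found])
```

Run as root on an agent host, the live-host loop prints nothing only when the whole chain is root-owned and not group/world-writable; on the layout the description mentions, where /opt/firebird is owned by the firebird user, it reports that directory as owned by a non-trusted uid, which is exactly the condition that makes the agent's unchecked execution exploitable.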
References (5)
Vendor Advisory (x_refsource_misc): https://blog.qualys.com/vulnerabilities-threat-research
Not Applicable (x_refsource_misc): http://software.firstworks.com/p/getting-started-with-firebird.html
Vendor Advisory (x_refsource_misc): https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux
Mailing List, Third Party Advisory (x_refsource_fulldisc): http://seclists.org/fulldisclosure/2022/Sep/10
Third Party Advisory (x_refsource_misc): http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html
Scores
CVSS v3
7.3
CVSS v3 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
EPSS
0.0027 (0.27%)
EPSS Percentile
18.1%
Details
CWE
CWE-354
Status
published
Products (1)
qualys/cloud_agent_for_linux
< 2.5.548.2
Published
Aug 18, 2022
Tracked Since
Feb 18, 2026