CVE-2022-50927

MEDIUM

Cyclades Serial Console Server 3.3.0 - Privilege Escalation

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50927. PoCs published by ibby.

AI-analyzed exploit summary: This exploit leverages overly permissive sudo privileges on Cyclades Serial Console Server to escalate privileges by renaming /bin/bash to /bin/sed and executing it via sudo. It demonstrates a local privilege escalation (LPE) vulnerability in legacy versions (V_1.0.0 to V_3.3.0-16).

Description

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted sudo permissions.

Exploits (1)

exploitdb WORKING POC
by ibby · bash · local · hardware
https://www.exploit-db.com/exploits/50773

Classification
Working PoC 95%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Cyclades Serial Console Server (V_1.0.0 to V_3.3.0-16)
Auth required
Prerequisites: Local access to the system · User in the admin group or default admin user
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory (exploit): https://www.exploit-db.com/exploits/50773
Various Sources (product): https://www.vertiv.com/en-us/

Scores

CVSS v3 6.2
EPSS 0.0001
EPSS Percentile 3.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-266
Status published
Products (1)
Vertiv/Cyclades Serial Console Server 1.0.0 - 3.3.0
Published Jan 13, 2026
Tracked Since Feb 18, 2026