CVE-2024-28139

HIGH

Sudo - Privilege Escalation


Description

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.
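
One way to audit a host for this class of configuration, as an added example that is not part of the advisory or the vendor's code: a simplified sudoers scan that reports rules letting an account run mount (or ALL) as another user without a password. The sample sudoers text, the STORAGE alias and the function name are constructed for illustration; the product's real sudoers file is not shown on this page.

```python
import re

# Constructed sample: the page does not show the product's real sudoers file.
SAMPLE_SUDOERS = """\
Defaults env_reset
Cmnd_Alias STORAGE = /bin/mount, /bin/umount
www-data ALL=(root) NOPASSWD: STORAGE
backup   ALL=(root) NOPASSWD: /usr/bin/rsync, PASSWD: /bin/mount
%admin   ALL=(ALL) ALL
"""

SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
TAG = re.compile(r"^((?:[A-Z_]+:\s*)+)(.*)$")

def find_nopasswd_rules(text, binaries=("mount",)):
    """Return (user, runas, command) for passwordless rules reaching `binaries`.

    Simplified parser: does not follow include directives or expand
    User_Alias/Host_Alias/Runas_Alias, and ignores escaped commas.
    """
    text = re.sub(r"\\\n", " ", text)              # join continuation lines
    aliases, findings = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        m = SPEC.match(line)
        if not m or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        user, runas, rest = m.group(1), m.group(2) or "root", m.group(3)
        nopasswd = False                           # tags carry across the list
        for item in rest.split(","):
            item = item.strip()
            t = TAG.match(item)
            if t:
                for tag in re.findall(r"[A-Z_]+", t.group(1)):
                    nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
                item = t.group(2).strip()
            for cmd in aliases.get(item, [item]):
                base = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
                if nopasswd and (cmd == "ALL" or base in binaries):
                    findings.append((user, runas, cmd))
    return findings

if __name__ == "__main__":
    for user, runas, cmd in find_nopasswd_rules(SAMPLE_SUDOERS):
        print(f"{user} may run {cmd} as {runas} without a password")
```

On a live system, `sudo -l -U www-data` run as root gives the authoritative view, since it resolves includes and aliases that this scan does not.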

Scores

CVSS v3 8.8
EPSS 0.0021
EPSS Percentile 43.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-250
Status published
Products (1)
Image Access GmbH/Scan2Net < 7.42B
Published Dec 11, 2024
Tracked Since Feb 18, 2026