CVE-2024-41637
HIGH
RaspAP < 3.1.5 - Privilege Escalation via Sudo Misconfiguration
Title source: llm
Description
RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses sudo privileges to execute several critical commands without a password.
References (2)
https://blog.0xzon.dev/2024-07-27-CVE-2024-41637/
https://github.com/RaspAP/raspap-webgui
Scores
CVSS v3: 8.3
EPSS: 0.0081
EPSS Percentile: 52.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-77
Status: published
Products (1)
billz/raspap-webgui
0Packagist
Published: Jul 29, 2024
Tracked Since: Feb 18, 2026