CVE-2024-45173
HIGH
za-internet C-MOR Video Surveillance 5.2401 - Privilege Escalation
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.
References (3)
Exploit, Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-027.txt
Vendor Advisory
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Sep/20
Scores
CVSS v3
8.8
EPSS
0.0092
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (2)
c-mor/c-mor_video_surveillance
5.2401
c-mor/c-mor_video_surveillance
6.00 patch_level_01
Published
Sep 05, 2024
Tracked Since
Feb 18, 2026