Vulnerability Details CVE-2020-10699
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699
- https://github.com/open-iscsi/targetcli-fb/issues/162
- https://security.gentoo.org/glsa/202008-22
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699
- https://github.com/open-iscsi/targetcli-fb/issues/162
- https://security.gentoo.org/glsa/202008-22
Products affected by CVE-2020-10699
-
cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.50
-
cpe:2.3:a:targetcli-fb_project:targetcli-fb:2.1.51