Cerner: >> Connectivity Engine 4 Security Vulnerabilities
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-04-25
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network.
CVSS Score
9.8
EPSS Score
0.043
Published
2019-04-25