Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-30630

Good to know:

icon

Date: April 12, 2023

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).

Language: C

Severity Score

Related Resources (9)

https://security-tracker.debian.org/tracker/CVE-2023-30630
https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2
https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206
https://people.canonical.com/~ubuntu-security/cve/CVE-2023-30630
https://nvd.nist.gov/vuln/detail/CVE-2023-30630
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html
https://github.com/adamreiser/dmiwrite
https://access.redhat.com/security/cve/CVE-2023-30630
https://www.mend.io/vulnerability-database/CVE-2023-30630

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Relative Path Traversal

CWE-23

Top Fix

icon

Upgrade Version

Upgrade to version dmidecode - no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us