icon

We found results for “

CVE-2023-30630

Good to know:

icon

Date: April 12, 2023

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).

Language: C

Severity Score

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Relative Path Traversal

CWE-23

Top Fix

icon

Upgrade Version

Upgrade to version dmidecode - no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us