Hylafax
CVE-2020-15397
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
AnalysisAI
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root). Affected products include: Hylafax\+ Project Hylafax\+, Ifax Hylafax Enterprise. Version information: through 7.0.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Review and restrict file/resource permissions, apply principle of least privilege.
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. R
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, op
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today