Prolinos
CVE-2020-28046
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch.
AnalysisAI
An issue was discovered in ProlinOS through 2.4.161.8859R. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch. Affected products include: Pax Prolinos. Version information: through 2.4.161.8859.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. Rated high severity (CVSS 7.8), this vulnera
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in manage
Same weakness CWE-269 – Improper Privilege Management
View allShare
External POC / Exploit Code
Leaving vuln.today