Eyes Of Network Privilege Escalation Vulnerability (CVE-2020-8655)

high Nessus Plugin ID 176053

Synopsis

The Eyes Of Network instance on the remote host is affected by a privilege escalation vulnerability

Description

An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via nmap.

Solution

https://github.com/EyesOfNetworkCommunity/eonconf/issues/8

See Also

https://github.com/EyesOfNetworkCommunity/eonconf/issues/8

Plugin Details

Severity: High

ID: 176053

File Name: eon_cve-2020-8655.nbin

Version: 1.60

Type: local

Family: Misc.

Published: 5/18/2023

Updated: 12/18/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-8655

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:eyesofnetwork:eyesofnetwork

Required KB Items: Host/local_checks_enabled, installed_sw/Eyes Of Network

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/14/2020

CISA Known Exploited Vulnerability Due Dates: 5/3/2022

Exploitable With

Metasploit (EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution)

Reference Information

CVE: CVE-2020-8655