CVE-2023-22809

AST

HighConfirmedExploit available

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_E…

CVSS

7.8

High

EPSS

0.55

p98

Published

2023-01-01

Updated

2023-01-01

Description

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Tags · CWE

LPE

CWE-20

CWE-269

CAPEC-3

CAPEC-7

CAPEC-8

CAPEC-9

CAPEC-10

CAPEC-13

CAPEC-14

CAPEC-22

CAPEC-23

CAPEC-24

CAPEC-28

CAPEC-31

CAPEC-42

CAPEC-43

CAPEC-45

CAPEC-46

CAPEC-47

CAPEC-52

CAPEC-53

CAPEC-58

CAPEC-63

CAPEC-64

CAPEC-67

CAPEC-71

CAPEC-72

CAPEC-73

CAPEC-78

CAPEC-79

CAPEC-80

CAPEC-81

CAPEC-83

CAPEC-85

CAPEC-88

CAPEC-101

CAPEC-104

CAPEC-108

CAPEC-109

CAPEC-110

CAPEC-120

CAPEC-122

CAPEC-135

CAPEC-136

CAPEC-153

CAPEC-182

CAPEC-209

CAPEC-230

CAPEC-231

CAPEC-233

CAPEC-250

CAPEC-261

CAPEC-267

CAPEC-473

CAPEC-588

CAPEC-664

Affected products

Redhat-virtualization-hostSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudoSudo

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

2023-01-01

Published

2023-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.554 · p98

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1027Obfuscated Files or Information

└ via CAPEC-267 · CWE-20

T1036.001Invalid Code Signature

└ via CAPEC-473 · CWE-20

T1539Steal Web Session Cookie

└ via CAPEC-31 · CWE-20

T1548Abuse Elevation Control Mechanism

└ via CAPEC-122 · CWE-269

T1553.002Code Signing

└ via CAPEC-473 · CWE-20

T1574.006Dynamic Linker Hijacking

└ via CAPEC-13 · CWE-20

T1574.007Path Interception by PATH Environment Variable

└ via CAPEC-13 · CWE-20

Known exploits — Сканер-ВС

51217

exploitdb · https://www.exploit-db.com/exploits/51217

Enterprise

CVE-2023-22809

github-poc · https://github.com/ValeuDoamne/CVE-2023-22809

Enterprise

Affected products

Redhat-virtualization-host Sudo Sudo-devel Sudo-python Sudo-logsrvd

Apple

Macos

Группа Астра (РусБИТех)

Product	Vendor	Status
redhat-virtualization-host		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked
sudo		Tracked

Showing first 20 of 37

Source databases

AST

DEB

CVE

RED

UBU

Related vulnerabilities

BDU:2023-00210