Execution with Unnecessary Privileges
Publish date:
19 August 2020
Identifier:
CVE-2020-16282
Manufacturer:
Rangee GmbH
Product:
RangeeOS 8.0.4
Authors:
Andre Waldhoff and Bastian Kanbach
Description:
In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system.
Timeline:
20 February 2019: Vulnerabilities sent to vendor
20 March 2019: CVE request sent to MITRE; automatic response from MITRE confirming that the request was received
23 May 2019: Requested an update from MITRE about the status of the CVE numbers
30 August 2019: Requested an update from MITRE about the status of the CVE numbers
10 August 2020: Response from MITRE, containing the assigned CVE IDs
14 August 2020: Vendor confirmed that fixes were issued
19 August 2020: CVEs published