CVE-2020-15397

Published: 30/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

HylaFAX+ up to and including 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).

Vulnerable Product

hylafax+ project hylafax+

ifax hylafax enterprise -

Vendor Advisories

Debian Bug report logs - #964198: CVE-2020-15397 CVE-2020-15396
Package: src:hylafax; Maintainer for src:hylafax is Giuseppe Sacco <eppesuig@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 3 Jul 2020 14:00:02 UTC
Severity: important
Tags: security, upstream
Found in version hylafax/3:6.0.7-3 ...

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root) ...