Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.3
CVSSv3

CVE-2022-29549

Published: 18/08/2022 Updated: 15/09/2022
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 0
Subscribe to Cloud Agent For Linux

Vulnerability Summary

An issue exists in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qualys cloud agent for linux

References

CWE-354https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linuxhttps://blog.qualys.com/vulnerabilities-threat-researchhttp://software.firstworks.com/p/getting-started-with-firebird.htmlhttp://seclists.org/fulldisclosure/2022/Sep/10http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook