Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2022-29799

Published: 21/09/2022 Updated: 23/09/2022
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Windows Defender For Endpoint

Vulnerability Summary

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows defender for endpoint

Vendor Advisories

Debian CVElist Bug Report Logs: networkd-dispatcher: CVE-2022-29799 CVE-2022-29800
Debian Bug report logs - #1010303 networkd-dispatcher: CVE-2022-29799 CVE-2022-29800 Package: src:networkd-dispatcher; Maintainer for src:networkd-dispatcher is Julian Andres Klode <jak@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 28 Apr 2022 11:57:01 UTC Severity: grave Tags: securit ...
Ubuntu Security Notice: USN-5395-2: networkd-dispatcher regression
USN-5395-1 introduced a regression in networkd-dispatcher ...
Ubuntu Security Notice: USN-5395-1: networkd-dispatcher vulnerabilities
Several security issues were fixed in networkd-dispatcher ...
Red Hat:
A vulnerability found in networkd-dispatcher This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory ...

Github Repositories

https://github.com/jfrog/nimbuspwn-tools

Nimbuspwn detector Overview This tool performs several tests to determine whether the system is possibly vulnerable to Nimbuspwn (CVE-2022-29799 & CVE-2022-29800), a vulnerability in the networkd-dispatcher daemon discovered by the Microsoft 365 Defender Research Team A system is deemed possibly vulnerable to exploitation if the following conditions are met: The vulne

https://github.com/DDNvR/privelege_escalation

nimbuspwn This is a PoC for Nimbuspwn, as originally described in wwwmicrosoftcom/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ It runs reliably on Ubuntu Desktop installs, but does not run by default on Ubuntu Server installs It is possible to configure a server install to be vulnerable, although this is not expec

Recent Articles

Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too!
The Register • Jeff Burt • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Will Redmond start code-naming Windows make-me-admin bugs?

Flaws in networkd-dispatcher, a service used in some parts of the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday. It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire. It's just a little perplexing the biz went to all...

Read more...

References

CWE-22https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010303https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5395-2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook