CVE-2020-8655
Published: 07 February 2020
Summary
CVE-2020-8655 is a high-severity Improper Privilege Management (CWE-269) vulnerability in EyesOfNetwork. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
EyesOfNetwork 5.3 is affected by a privilege escalation vulnerability stemming from its sudoers configuration. The flaw allows the apache user to execute arbitrary commands as root by supplying a crafted NSE script to nmap 7, corresponding to CWE-269 improper privilege management.
An attacker able to influence or control actions performed by the apache user can exploit the misconfiguration to run commands with full root privileges. The vulnerability is rated 7.8 under CVSS 3.1 with an AV:L/AC:L/PR:N/UI:R vector, indicating local access requirements but high impact on confidentiality, integrity, and availability.
Publicly available exploit material on PacketStorm Security demonstrates remote code execution and command execution through the AutoDiscovery target feature, with additional context provided in the EyesOfNetworkCommunity eonconf GitHub issue tracker. No official patch or mitigation details are referenced in the available sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-29503
Vulnerability details
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly counters the CWE-269 improper privilege management by restricting the apache user to only the minimal privileges required, eliminating the ability to invoke nmap with arbitrary NSE scripts as root.
Enforces the intended access control policy expressed in sudoers so that the apache account cannot execute commands with root privileges via the crafted nmap invocation.
Requires secure, documented configuration settings for sudoers and related binaries, preventing the overly permissive nmap execution rule that enables the privilege escalation.
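The following audit sketch is an added example, not code from EyesOfNetwork or from the sources this page cites. It flags sudoers rules that let a web-service account run nmap with an open argument list, which is the condition that lets a caller supply its own NSE script. The sample sudoers text, the account set and the function name `audit_sudoers` are constructed for illustration.

```python
import os
import re

# Constructed sample for illustration; not the real EyesOfNetwork sudoers file.
SAMPLE_SUDOERS = (
    "# constructed example\n"
    "Defaults    requiretty\n"
    "apache ALL=NOPASSWD:/usr/bin/nmap\n"
    "apache ALL=(root) NOPASSWD: /bin/systemctl reload httpd, \\\n"
    "    /usr/bin/nmap -sn *\n"
    "apache ALL=NOPASSWD:/usr/bin/nmap -sn 192.0.2.0/24\n"
    "nagios ALL=NOPASSWD:/usr/bin/nmap\n"
)

SERVICE_USERS = {"apache"}   # assumption: accounts reachable from the web app
SCRIPTABLE = {"nmap"}        # binaries that can load caller-supplied scripts
USER_SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(.+)$")  # user host = commands

def audit_sudoers(text, users=SERVICE_USERS, scriptable=SCRIPTABLE):
    """Return (user, command, reason) for rules that leave arguments open."""
    findings = []
    text = re.sub(r"\\\n\s*", " ", text)              # join continuation lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = USER_SPEC.match(line)
        if not m or m.group(1) not in users:
            continue
        spec = re.sub(r"\([^)]*\)", "", m.group(2))   # drop (runas) lists
        spec = re.sub(r"\b[A-Z_]+:\s*", "", spec)     # drop tags such as NOPASSWD:
        for cmd in (c.strip() for c in spec.split(",")):
            if not cmd:
                continue
            binary, *args = cmd.split()
            if os.path.basename(binary) not in scriptable:
                continue
            if not args:      # sudo accepts any arguments when none are listed
                reason = "no argument list: any arguments accepted"
            elif any("*" in a for a in args):
                reason = "wildcard in arguments"
            else:
                continue      # fixed arguments: sudo requires an exact match
            findings.append((m.group(1), cmd, reason))
    return findings

if __name__ == "__main__":
    for user, cmd, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{user}: {cmd!r} -> {reason}")
```

The parser covers simple user specifications only; aliases, `#include` files and escaped commas are out of scope, so treat a clean result as a starting point rather than proof.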