CVE-2022-41973
Published: 29 October 2022
Summary
CVE-2022-41973 is a high-severity Link Following (CWE-59) vulnerability in Opensvc Multipath-Tools. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 46.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-45077
Vulnerability details
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled…
more
file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.