Cerner - Connectivity Engine 4 Firmware CVE

Filtered by vendor Cerner Subscribe

Filtered by product Connectivity Engine 4 Firmware

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-20052	1 Cerner	2 Connectivity Engine 4, Connectivity Engine 4 Firmware	2019-10-03	7.2 HIGH	7.8 HIGH
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command.

Vulnerabilities (CVE)