A vulnerability in Sudo, open-source software used within HP's Aruba AirWave management platform, can enable any unprivileged and unauthorized local user to acquire root privileges on a vulnerable host, as warned by Hewlett Packard Enterprise (HPE). According to a recent HPE security advisory, the Sudo vulnerability may be part of a "chained attack." An attacker gains a foothold with fewer rights via another flaw and then exploits this to escalate privileges. The Aruba AirWave management platform for wired and wireless infrastructures is HPE's real-time monitoring and security warning system. In January, researchers at Qualys discovered the Sudo issue (CVE-2021-3156) and think it affects millions of endpoint devices and systems. According to the Sudo license, Sudo is software used by various platforms that allows a system admin to distribute power to give particular users (or groups of users) the ability to perform certain (or all) commands as root or another user.” Mehul Revankar, Qualys' VP of Product Management and Engineering, defined the Sudo bug as "perhaps the most significant Sudo vulnerability in recent memory (both in terms of scope and impact) and has been hiding in plain sight for nearly 10 years" in a research note at the time it was discovered. For HPE, the company officially reported the issue last week, stating that it impacted the AirWave management platform prior to version 8.2.13.0, released on June 18, 2021. According to the security bulletin, “A vulnerability in the command line parameter parsing code of Sudo could allow an attacker with access to Sudo to execute commands or binaries with root privileges.” The Sudo vulnerability has been termed "Baron Samedit" by Qualys researchers, who claim the flaw was introduced into the Sudo code in July 2 ..
Support the originator by clicking the read the rest link below.
