Default Perms PrivEsc in saphanabootstrap-formula <0.13.1 on SUSE
CVE-2022-45153 Published on February 15, 2023
saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.
Vulnerability Analysis
CVE-2022-45153 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
Products Associated with CVE-2022-45153
Affected Versions
SUSE Linux Enterprise Module for SAP Applications 15-SP1:
- saphanabootstrap-formula versions below 0.13.1+git.1667812208.4db963e are affected.
SUSE Linux Enterprise Server for SAP 12-SP5:
- saphanabootstrap-formula versions below 0.13.1+git.1667812208.4db963e are affected.
openSUSE Leap 15.4:
- saphanabootstrap-formula versions below 0.13.1+git.1667812208.4db963e are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.