Cyclades Serial Console Server Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been identified in Cyclades Serial Console Server version 3.3.0. This issue arises from excessively permissive sudo privileges granted to the admin user and admin group. Exploiting the default user configuration allows attackers to gain root access by manipulating system binaries and taking advantage of the unrestricted sudo permissions.

Impact

Exploitation of this vulnerability allows for local privilege escalation, enabling a user to gain root access on the system.

Reproduction

The vulnerability can be reproduced by first verifying the sudo privileges of the admin user or any user in the admin group. This can be done by checking the sudoers file, which reveals the risky permissions assigned to various binaries. Once confirmed, the vulnerability can be exploited by replacing a system binary, such as bash, with a malicious version that includes a payload. After executing the payload with elevated privileges, the binary can be restored to its original state.