Infinera G42 Sudoers Misconfiguration Vulnerability Allowing Memory Access and Privilege Escalation
Vulnerability
A misconfiguration in the sudoers file of Infinera G42 version R6.1.3 enables low-privileged operating system users to read and write physical memory using the devmem command line tool. This vulnerability could lead to unauthorized disclosure of sensitive information, denial of service, and privilege escalation by manipulating kernel memory. The sudo -l command reveals that devmem can be executed as a superuser without a password, allowing access to arbitrary memory areas by specifying absolute addresses.
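One way to audit for the misconfiguration described above, as an added example that is not part of the original advisory or the vendor's code: a Python check that scans sudoers-style rules for devmem (or ALL, which includes it) granted with NOPASSWD. The sample rules, user names and paths are constructed; aliases are not expanded and multi-host rules are not handled.

```python
import os
import re

MEMORY_TOOLS = {"devmem"}  # tool named in the advisory
TAG = re.compile(r"^([A-Z_]+)\s*:\s*")   # NOPASSWD:, PASSWD:, NOEXEC:, ...
RUNAS = re.compile(r"^\([^)]*\)\s*")     # (root), (ALL : ALL)

# Constructed sample rules; not the device's actual sudoers file.
SAMPLE = r"""
Defaults env_reset
Cmnd_Alias DIAG = /usr/bin/uptime
operator ALL=(root) NOPASSWD: /bin/ping, /sbin/devmem
support  ALL=(root) NOPASSWD: /bin/ping, PASSWD: /sbin/devmem
backup   ALL=(ALL : ALL) NOPASSWD: \
    /usr/bin/rsync, /usr/bin/devmem 0x*
admin    ALL=(ALL) ALL
"""


def find_passwordless_memory_access(sudoers_text):
    """Return (user, command) pairs that sudo runs without a password
    and that give access to physical memory through devmem."""
    findings = []
    text = sudoers_text.replace("\\\n", " ")  # join continuation lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue  # settings and alias definitions are not rules
        who, spec_list = line.split("=", 1)
        nopasswd = False  # a tag carries over to later commands in the list
        for item in re.split(r",(?![^()]*\))", spec_list):
            item = RUNAS.sub("", item.strip())
            while (m := TAG.match(item)):
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                item = item[m.end():]
            if not item or not nopasswd:
                continue
            # ALL is flagged too: it permits every command, devmem included.
            if item == "ALL" or os.path.basename(item.split()[0]) in MEMORY_TOOLS:
                findings.append((who.split()[0], item))
    return findings


if __name__ == "__main__":
    for user, command in find_passwordless_memory_access(SAMPLE):
        print(f"{user}: passwordless sudo grants memory access via {command}")
```

The support rule is not reported because its PASSWD tag overrides the inherited NOPASSWD before devmem is listed.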
Impact
Exploitation of this vulnerability could result in unauthorized access to physical memory, allowing for sensitive information disclosure, disruption of services, and unauthorized privilege escalation by tampering with kernel memory.
