Ilevia EVE X1/X5 Server Passwordless Sudo Privilege Escalation Vulnerability

A vulnerability exists in Ilevia EVE X1/X5 Server versions through 4.7.18.0.eden, due to a misconfiguration in the sudoers file that allows certain Bash scripts to be executed with sudo privileges without a password. This issue can be exploited if the scripts are writable by web-facing users or accessible through command injection. Attackers can replace these scripts with malicious payloads, which, when executed with sudo, provide full root access, leading to remote privilege escalation and potential system compromise.

Impact

Exploitation of this vulnerability allows for unauthorized root access on the affected server, enabling an attacker to execute any command with administrative privileges. This could result in a complete system compromise.

Reproduction

The vulnerability can be reproduced by uploading a malicious payload to a writable Bash script that is executed via sudo without a password. This can be done through a web application interface that allows file uploads or command injection. Once the payload is in place, the script can be executed with sudo privileges, providing root access.