all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Intel Data Center Manager 5.1 Local Privilege Escalation

Add to bookmarks
Dec. 9, 2022, 2:48 p.m. |

Packet Storm packetstormsecurity.com

The latest version (5.1) and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate their privileges to root by abusing a weak sudo configuration for the "dcm" user.

center data data center escalation intel local local privilege escalation manager privilege privilege escalation

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6750-1 17 hours ago | packetstormsecurity.com
arbitrary code attacker browsing bypass +19
Ubuntu Security Notice USN-6743-3 17 hours ago | packetstormsecurity.com
attacker compromise kernel linux +8
Ubuntu Security Notice USN-6657-2 17 hours ago | packetstormsecurity.com
attacker dnsmasq dnssec issue +12
Ubuntu Security Notice USN-6749-1 17 hours ago | packetstormsecurity.com
arbitrary code attacker code context +11
Red Hat Security Advisory 2024-2060-03 17 hours ago | packetstormsecurity.com
advisory bugs denial of service fix +12
Red Hat Security Advisory 2024-2055-03 17 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +4
Red Hat Security Advisory 2024-2045-03 17 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2044-03 17 hours ago | packetstormsecurity.com
advisory enterprise gnutls information +8
Red Hat Security Advisory 2024-2042-03 17 hours ago | packetstormsecurity.com
advanced advisory critical critical update +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Security Cloud Solution Architect

@ Microsoft | London, London, United Kingdom
View on infosec-jobs.com

Compliance Program Analyst

@ SailPoint | United States
View on infosec-jobs.com

Software Engineer III, Infrastructure, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com

Cryptography Expert

@ Raiffeisen Bank Ukraine | Kyiv, Kyiv city, Ukraine
View on infosec-jobs.com

Senior Cyber Intelligence Planner (15.09)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com
View more jobs