CVE-2012-10022

NONE

Description

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

• NIST NVD
• MITRE CVE