Main Banks Non-banking financial sector Cyber fraud

CVE-2020-8446

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.

    Product

  • ossec ossec 2.7
  • ossec ossec 2.7.0
  • ossec ossec 2.7.1
  • ossec ossec 2.8.0
  • ossec ossec 2.8.1
  • ossec ossec 2.8.2
  • ossec ossec 2.8.3
  • ossec ossec 2.9.0
  • ossec ossec 2.9.1
  • ossec ossec 2.9.2
  • ossec ossec 2.9.3
  • ossec ossec 2.9.4
  • ossec ossec 3.0.0
  • ossec ossec 3.1.0
  • ossec ossec 3.2.0
  • ossec ossec 3.3.0
  • ossec ossec 3.4.0
  • ossec ossec 3.5.0

Score

2.1

Source

http://nvd.nist.gov

Access-complexity

LOW

Access-vector

LOCAL