CVE-2020-14342
CVSS 3.1: 7.0 (HIGH)
EPSS: 0.13%
Description
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.
How to fix CVE-2020-14342
To remediate CVE-2020-14342, upgrade the affected package to one of the fixed versions listed below.
- Alpine/cifs-utils—upgrade to 0 or later
- —upgrade to 2:6.11-1 or later
Is CVE-2020-14342 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0
- from 0, < 2:6.11-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |