Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0972 — Link Following in HP Hp-ux

CWE-59 — Link Following CWE-61 — UNIX Symbolic Link (Symlink) Following8 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

1.7%

top 17.62%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Hp-ux

Timeline

PublishedDec 19

Latest updateApr 30

Description

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDhp/hp-ux11.00

🔴Vulnerability Details

GHSA

GHSA-x2cg-9rfp-53mf: HP-UX 11↗2022-04-30

▶

CVEList

CVE-2000-0972: HP-UX 11↗2001-01-22

▶

💥Exploits & PoCs

Exploit-DB

HP-UX 11.00/10.20 crontab - Overwrite Files↗2000-11-19

▶

Exploit-DB

HP-UX 10.20/11.0 - crontab '/tmp' File↗2000-10-20

▶

📐Framework References

CAPEC

Leveraging Race Conditions via Symbolic Links

▶

CWE

Improper Link Resolution Before File Access ('Link Following')↗

▶

CWE

UNIX Symbolic Link (Symlink) Following↗

▶