Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0823 — Performance Co-pilot vulnerability

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.6%

top 30.11%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SGI Performance Co-pilot

Timeline

PublishedDec 6

Latest updateMay 3

Description

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDsgi/performance_co-pilot12 versions+11

Patches

Patch: patches.sgi.com ↗Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-c5rv-x26g-gpxm: The pmpost program in Performance Co-Pilot (PCP) before 2↗2022-05-03

▶

CVEList

CVE-2001-0823: The pmpost program in Performance Co-Pilot (PCP) before 2↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

SGI Performance Co-Pilot 2.1.x/2.2 - pmpost Symbolic Link↗2001-06-18

▶