CVE-2020-21583

CWE-78OS Command Injection6 documents6 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 88.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kernel Util-linux
Timeline
PublishedAug 22

Description

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDkernel/util-linux< 2.27
Debianutil-linux< 2.27-1+3

Patches

Patch: bugs.debian.orgPatch: bugs.debian.org

🔴Vulnerability Details

3
OSV
CVE-2020-21583: An issue was discovered in hwclock2023-08-22
GHSA
GHSA-c5mr-x8m3-hpc9: An issue was discovered in hwclock2023-08-22
CVEList
CVE-2020-21583: An issue was discovered in hwclock2023-08-22

📋Vendor Advisories

2
Red Hat
util-linux: arbitrary commands execution via the path parameter2023-08-22
Debian
CVE-2020-21583: util-linux - An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated p...2020
CVE-2020-21583 (MEDIUM CVSS 6.7) | An issue was discovered in hwclock. | cvebase.io