CVE-2023-26604
ADVISORY - nistSummary
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
EPSS Score: 0.04714 (0.889)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Privilege Management
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-26604
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.8highDebian
CREATED
UPDATED
ADVISORY IDCVE-2023-26604
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-26604
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.8lowAlma
CREATED
UPDATED
ADVISORY IDALSA-2023:3837
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2023-2004
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-26604
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.1mediumRocky
CREATED
UPDATED
ADVISORY IDRLSA-2023:3837
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowOracle
CREATED
UPDATED
ADVISORY IDELSA-2023-3837
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-7705
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-c36v-49xq-6wwc
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Photon
CREATED
UPDATED
ADVISORY ID
CVE-2023-26604
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.8highintheWild
CREATED
UPDATED
ADVISORY IDCVE-2023-26604
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-