Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cryoserver | cryoserver_security_appliance | 7.3.2 |
| cryoserver | cryoserver_security_appliance | 7.3.1 |
| cryoserver | cryoserver_security_appliance | 7.3.0 |
| cryoserver | cryoserver_security_appliance | 7.3.4 |
| cryoserver | cryoserver_security_appliance | 7.3.3 |