Privilege Escalation via Sudo Vulnerability in Pi-Hole

Privilege Escalation via Sudo Vulnerability in Pi-Hole

CVE-2020-14162 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command.

Learn more about our User Device Pen Test.