Insecure Sudo Configuration in Security Onion v2 prior to 2.3.10

Insecure Sudo Configuration in Security Onion v2 prior to 2.3.10

CVE-2020-27985 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.

Learn more about our User Device Pen Test.