CVE-2023-22809 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 25, 2024
CVE-2023-22809 is a high-severity vulnerability affecting Sudo software before version 1.9.12p2. This vulnerability allows a local attacker to escalate their privileges by appending arbitrary entries to the list of files to process. It impacts various systems running affected versions of Sudo, including the Cisco ThousandEyes Enterprise Agent Virtual Appliance and Debian 10 buster. Users are advised to update their Sudo packages to mitigate the risk.
How do I know if I'm affected?
If you're concerned about the vulnerability, you should check if you're using affected software versions. The vulnerability impacts Sudo versions 1.8.0 through 1.9.12p1, the Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 on Linux/Ubuntu 18.04, and Debian 10 buster with sudo package versions earlier than 1.8.27-1+deb10u5. If you're using any of these versions, you may be at risk.
What should I do if I'm affected?
If you're affected by the vulnerability, update your Sudo software to version 1.9.12p2 or later. For Debian 10 buster users, upgrade the sudo package to version 1.8.27-1+deb10u5. Cisco ThousandEyes Enterprise Agent Virtual Appliance users should update to the latest version. Always keep your software up-to-date to stay protected from security threats.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-22809 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity vulnerability, discovered in Sudo software, allows local attackers to escalate their privileges by appending arbitrary entries to the list of files to process. It has been fixed in Sudo version 1.9.12p2, and users are advised to update their software to mitigate the risk.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-269, which is related to improper privilege management in Sudo software, allowing local attackers to edit arbitrary files and escalate privileges. Update your software to stay protected.
For more details
CVE-2023-22809 is a high-severity vulnerability that affects Sudo software and can lead to privilege escalation. By updating to the latest software versions and following recommended mitigation strategies, users can protect their systems from this vulnerability. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-22809 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 25, 2024
CVE-2023-22809 is a high-severity vulnerability affecting Sudo software before version 1.9.12p2. This vulnerability allows a local attacker to escalate their privileges by appending arbitrary entries to the list of files to process. It impacts various systems running affected versions of Sudo, including the Cisco ThousandEyes Enterprise Agent Virtual Appliance and Debian 10 buster. Users are advised to update their Sudo packages to mitigate the risk.
How do I know if I'm affected?
If you're concerned about the vulnerability, you should check if you're using affected software versions. The vulnerability impacts Sudo versions 1.8.0 through 1.9.12p1, the Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 on Linux/Ubuntu 18.04, and Debian 10 buster with sudo package versions earlier than 1.8.27-1+deb10u5. If you're using any of these versions, you may be at risk.
What should I do if I'm affected?
If you're affected by the vulnerability, update your Sudo software to version 1.9.12p2 or later. For Debian 10 buster users, upgrade the sudo package to version 1.8.27-1+deb10u5. Cisco ThousandEyes Enterprise Agent Virtual Appliance users should update to the latest version. Always keep your software up-to-date to stay protected from security threats.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-22809 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity vulnerability, discovered in Sudo software, allows local attackers to escalate their privileges by appending arbitrary entries to the list of files to process. It has been fixed in Sudo version 1.9.12p2, and users are advised to update their software to mitigate the risk.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-269, which is related to improper privilege management in Sudo software, allowing local attackers to edit arbitrary files and escalate privileges. Update your software to stay protected.
For more details
CVE-2023-22809 is a high-severity vulnerability that affects Sudo software and can lead to privilege escalation. By updating to the latest software versions and following recommended mitigation strategies, users can protect their systems from this vulnerability. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-22809 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 25, 2024
CVE-2023-22809 is a high-severity vulnerability affecting Sudo software before version 1.9.12p2. This vulnerability allows a local attacker to escalate their privileges by appending arbitrary entries to the list of files to process. It impacts various systems running affected versions of Sudo, including the Cisco ThousandEyes Enterprise Agent Virtual Appliance and Debian 10 buster. Users are advised to update their Sudo packages to mitigate the risk.
How do I know if I'm affected?
If you're concerned about the vulnerability, you should check if you're using affected software versions. The vulnerability impacts Sudo versions 1.8.0 through 1.9.12p1, the Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 on Linux/Ubuntu 18.04, and Debian 10 buster with sudo package versions earlier than 1.8.27-1+deb10u5. If you're using any of these versions, you may be at risk.
What should I do if I'm affected?
If you're affected by the vulnerability, update your Sudo software to version 1.9.12p2 or later. For Debian 10 buster users, upgrade the sudo package to version 1.8.27-1+deb10u5. Cisco ThousandEyes Enterprise Agent Virtual Appliance users should update to the latest version. Always keep your software up-to-date to stay protected from security threats.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-22809 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity vulnerability, discovered in Sudo software, allows local attackers to escalate their privileges by appending arbitrary entries to the list of files to process. It has been fixed in Sudo version 1.9.12p2, and users are advised to update their software to mitigate the risk.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-269, which is related to improper privilege management in Sudo software, allowing local attackers to edit arbitrary files and escalate privileges. Update your software to stay protected.
For more details
CVE-2023-22809 is a high-severity vulnerability that affects Sudo software and can lead to privilege escalation. By updating to the latest software versions and following recommended mitigation strategies, users can protect their systems from this vulnerability. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.