CVE-2018-20052
Description
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cerner Connectivity Engine 4 devices allow local users with NOPASSWD sudo privileges to escalate to root via symbolic link manipulation.
Vulnerability
Cerner Connectivity Engine (CCE) 4 devices running firmware builds prior to 12/2018 have a vulnerability where the user running the main CCE firmware possesses NOPASSWD sudo privileges to several utilities. This allows the user to run those utilities as root without a password. One example is creating a symbolic link in a cron directory that points to a script in /tmp, which cron then executes with root privileges. Affected versions: all CCE 4 firmware builds before December 2018 [1].
Exploitation
An attacker must have local access to the CCE device and be logged in as the user running the main CCE firmware (which has NOPASSWD sudo privileges). The attacker can then use commands like sudo ln -s /tmp/script /etc/cron.hourly/script to place a malicious script in a cron directory. When the cron job runs, the script executes with root privileges [1].
Impact
Successful exploitation allows the attacker to escalate privileges to root, gaining full control over the CCE device. This can lead to complete compromise of the device, including the ability to modify configurations, access sensitive data, and disrupt operations [1].
Mitigation
Cerner released a firmware update after December 2018 that addresses this vulnerability. Users should update to any firmware version released after 12/2018 [1]. If updating is not immediately possible, restrict local access to trusted users only and monitor for unauthorized cron job modifications.
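One way to do the cron monitoring suggested above, as an added example that is not from Cerner or the cited advisory: a shell function that flags symlinks in the cron directories (the pattern in this CVE) and cron files that group or other users can modify. The function name, the optional root-prefix argument and the list of writable locations are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): audit cron directories for the pattern in
# this CVE, a symlink under /etc/cron.* whose target lives where non-root
# users can write. The optional first argument is a hypothetical root prefix
# (for a mounted image or test tree); empty means the live system.

audit_cron() {
    root="${1:-}"
    for d in "$root"/etc/cron.d "$root"/etc/cron.hourly "$root"/etc/cron.daily \
             "$root"/etc/cron.weekly "$root"/etc/cron.monthly; do
        [ -d "$d" ] || continue

        # 1. Symlinks: cron follows them, so the real script can live anywhere.
        find "$d" -type l | while IFS= read -r link; do
            target=$(readlink "$link")
            case "$target" in
                # Assumed list of locations writable by unprivileged users.
                /tmp/*|/var/tmp/*|/dev/shm/*|/home/*)
                    echo "HIGH symlink-to-writable-path $link -> $target" ;;
                *)
                    echo "WARN symlink $link -> $target" ;;
            esac
        done

        # 2. Regular files that group or other can modify in place.
        find "$d" -type f \( -perm -020 -o -perm -002 \) |
        while IFS= read -r f; do
            echo "HIGH writable-cron-file $f"
        done
    done
    return 0
}
```

Run `audit_cron` with no argument on the device, or pass the mount point of an offline image; any HIGH line warrants checking who created the entry and when.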
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (1)
- [1] www.securifera.com/advisories/cve-2018-20052-20053/ (mitre, x_refsource_MISC)