Privilege Escalation via sudo and Linux kernel in Bosch Rexroth Products

Published

2021-02-24 00:00:00 UTC

Summary

BOSCH-SA-372917: Linux kernel versions through 5.10.11 contain weaknesses that allow local users to execute code in the kernel, with the potential to escalate privileges [1][2]. Versions of sudo before 1.9.5p2 contain a weakness that allows local users to escalate privileges to root [3]. The ctrlX CORE and the IoT Gateway are both shipped with vulnerable versions of those components. To exploit the vulnerabilities, access via terminal or Secure Shell (SSH) is required.