Vulnerability Details : CVE-2002-0424
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
Exploit prediction scoring system (EPSS) score for CVE-2002-0424
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-0424
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-2002-0424
Products affected by CVE-2002-0424
- cpe:2.3:a:efingerd:efingerd:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:efingerd:efingerd:1.6.1:*:*:*:*:*:*:*