CVE-2013-10052
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-08-05
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zpanel | zpanel | * |
| zpanel | zsudo | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2013-10052 is a local privilege escalation vulnerability in ZPanel's helper binary called zsudo. When zsudo is misconfigured in the /etc/sudoers file, low-privileged users can exploit it to execute arbitrary commands as the root user. This happens because zsudo allows restricted privilege escalation for administrative tasks, but improper sudoers configuration lets attackers with local shell access write and execute a payload with root privileges. This vulnerability is especially dangerous after an attacker has compromised the web server and gained limited access, as they can then escalate their privileges to root. [1, 2, 4]
How can this vulnerability impact me?
This vulnerability allows an attacker who already has limited local access (such as a web server user) to escalate their privileges to root. This means the attacker can gain full control over the affected system, compromising confidentiality, integrity, and availability. They can execute arbitrary commands as root, potentially installing malware, stealing data, or disrupting services. The attack requires low complexity and no user interaction, making it a serious risk in post-exploitation scenarios. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the zsudo binary is present and whether it is configured in the /etc/sudoers file to allow execution by low-privileged users. You can verify the presence of the zsudo binary with a command like `ls -l /etc/zpanel/panel/bin/zsudo` (default path). To check the sudoers configuration, you can run `sudo cat /etc/sudoers` or `sudo visudo -c` and look for entries allowing zsudo execution by non-root users. Additionally, checking writable directories like /tmp for suspicious executable files or scripts related to zsudo usage may help detect exploitation attempts. Since a Metasploit module exists, you can also use it to test if the system is vulnerable by attempting controlled exploitation in a safe environment. [1, 2, 4]
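The sudoers check described above, as an added shell example that is not part of the original page: it lists every active sudoers rule that names zsudo, joining backslash-continued lines and skipping commented-out entries that a plain `grep` would also report. The function names and the sample sudoers content are constructed for illustration; the zsudo path is the default given above.

```shell
#!/bin/sh
# Added example (not from the advisory): find active sudoers rules granting zsudo.
# Function names and sample data are constructed for illustration.

# Print "file:line: rule" for each active rule that names the zsudo helper.
# Alias definitions that name it are reported too, so they can be traced by hand.
find_zsudo_rules() {
    for f in "$@"; do
        [ -r "$f" ] || continue          # missing or unreadable file: skip it
        awk -v file="$f" '
        {
            if (!start) start = NR       # line where this logical rule begins
            rule = rule $0
            if (rule ~ /\\$/) { sub(/\\$/, " ", rule); next }   # join continuation
            # "#" starts a comment, except "#<uid>", which names a user by UID
            comment = (rule ~ /^[ \t]*#/ && rule !~ /^[ \t]*#[0-9]+[ \t]/)
            if (!comment && rule ~ /\/zsudo([ \t,]|$)/)
                printf "%s:%d: %s\n", file, start, rule
            rule = ""; start = 0
        }' "$f"
    done
}

# Constructed sample sudoers content (not taken from a real host).
sample_sudoers() {
    cat <<'EOF'
# apache ALL=NOPASSWD: /etc/zpanel/panel/bin/zsudo
root    ALL=(ALL) ALL
apache  ALL=NOPASSWD: \
        /etc/zpanel/panel/bin/zsudo
#48     ALL=NOPASSWD: /etc/zpanel/panel/bin/zsudo
%wheel  ALL=(ALL) ALL
EOF
}

# With arguments, audit those files (for example /etc/sudoers /etc/sudoers.d/*).
# Without arguments, run against the constructed sample.
if [ "$#" -gt 0 ]; then
    find_zsudo_rules "$@"
else
    tmp=$(mktemp); sample_sudoers > "$tmp"; find_zsudo_rules "$tmp"; rm -f "$tmp"
fi
```

On the sample, the commented-out entry on line 1 is ignored, while the continued rule starting on line 3 and the UID-based rule on line 5 are reported.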
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or restricting the zsudo entry in the /etc/sudoers file to prevent low-privileged users from executing it with elevated privileges. Ensure that zsudo is not accessible or executable by unauthorized users. You can edit the sudoers file using `visudo` to remove or tighten permissions for zsudo. Additionally, restrict write permissions on directories like /tmp to prevent attackers from placing payloads there. If zsudo is not required, consider removing the binary entirely. Applying these changes will prevent local users with limited privileges from escalating their privileges via this vulnerability. [1, 2, 4]