CVE-2022-50927
Local Privilege Escalation in Cyclades Serial Console Server
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cyclades | serial_console_server | 3.3.0 |
| cyclades | serial_console_server | From 1.0.0 (inc) to 3.3.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50927 is a local privilege escalation vulnerability in Cyclades Serial Console Server versions 1.0.0 through 3.3.0. It occurs because the default admin user and admin group have overly permissive sudo privileges, allowing local users to execute various system binaries without restriction. Attackers can exploit this by manipulating system binaries (for example, swapping /bin/bash and /bin/sed) to gain root access, effectively escalating their privileges on the system. [1, 2]
How can this vulnerability impact me?
This vulnerability allows an attacker with local access to escalate their privileges to root, giving them full control over the affected system. This can lead to unauthorized access to sensitive data, modification or deletion of system files, and disruption of system availability. Essentially, it compromises the confidentiality, integrity, and availability of the system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the sudoers configuration for overly permissive sudo privileges assigned to the 'admin' user and 'admin' group. One method is to extract and mount the firmware image of the Cyclades Serial Console Server and check the sudoers file for unrestricted sudo access to system binaries such as /bin/mv. Commands to check sudo privileges locally include running 'sudo -l' as an admin user to list allowed commands. Additionally, inspecting the /etc/sudoers file or files in /etc/sudoers.d/ for entries granting unrestricted sudo access to the admin user/group can help detect the vulnerability. [1]
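The sudoers check described above can be scripted against a file read from the device or from an extracted firmware image. This is an added example, not code from the advisory or the vendor: the `RISKY` set (beyond /bin/mv, which the page names), the sample sudoers text and the function names are assumptions. It does not follow include directives or `User_Alias` definitions.

```python
import re

# Assumption: binaries that can replace or rewrite root-owned files when run
# via sudo. The page names /bin/mv; the rest of this set is illustrative.
RISKY = {"mv", "cp", "chmod", "chown", "ln", "dd", "tee", "sed", "bash", "sh"}

# Constructed sample, not the appliance's real sudoers file.
SAMPLE = r"""
# constructed sudoers fragment
Cmnd_Alias FILEOPS = /bin/mv, /bin/cp, \
                     /bin/chmod
admin    ALL = NOPASSWD: FILEOPS, /bin/ping
%admin   ALL = (ALL) /bin/chown, /usr/bin/less /var/log/messages
operator ALL = /bin/mv
"""

def logical_lines(text):
    """Join backslash continuations, drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        if line:
            yield line

def audit(text, principals=("admin", "%admin")):
    """Return (principal, command, reason) for each risky grant."""
    aliases, findings = {}, []
    for line in logical_lines(text):
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:  # remember alias members so user specs can be expanded
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        who, _, spec = line.partition("=")
        who = who.split()
        if len(who) < 2 or who[0] not in principals:
            continue
        spec = re.sub(r"\([^)]*\)", "", spec)   # drop Runas part, e.g. (ALL)
        spec = re.sub(r"\b[A-Z_]+:", "", spec)  # drop tags, e.g. NOPASSWD:
        for item in (i.strip() for i in spec.split(",")):
            for cmd in aliases.get(item, [item]):
                path = cmd.split()[0] if cmd else ""
                if cmd == "ALL":
                    findings.append((who[0], cmd, "unrestricted"))
                elif path.rsplit("/", 1)[-1] in RISKY:
                    findings.append((who[0], cmd, "can modify system files"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

An empty result from `audit()` only means none of the listed binaries are granted; compare it with the output of `sudo -l` for the admin account before treating the device as unaffected.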
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or restricting the overly permissive sudo privileges assigned to the admin user and admin group. This involves editing the sudoers configuration to limit or remove unrestricted access to risky binaries such as /bin/mv. Applying software updates or patches that address this vulnerability, or upgrading to a newer, non-vulnerable version of the Cyclades Serial Console Server software, is also recommended. Additionally, limiting local user access to trusted users and monitoring for suspicious activity can help reduce risk. [1, 2]