AZL-6353

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6353.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-6353

Upstream

CVE-2020-14342

Published

2020-09-09T12:15:11Z

Modified

2026-04-21T04:32:10.298643Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2020-14342 affecting package cifs-utils for versions less than 6.8-6

Details

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-14342

Affected packages

Azure Linux:2 / cifs-utils

Package

Name: cifs-utils
Purl: pkg:rpm/azure-linux/cifs-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6353.json"