CVE-2020-21583

low-risk

Published 2023-08-22

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Util-Linux

Affected Vendors

Kernel

References (5)

Exploit https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804

Exploit https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html

Exploit https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804

Exploit https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html

https://security.netapp.com/advisory/ntap-20241220-0006/

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal