Telefonica O2 Connection Manager 3.4 Local Privilege Escalation

O2 Connection Manager suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable files with a binary of choice. The vulnerability exist due to the improper permissions, with the ‘F’ flag (Full) for ‘Everyone’ group, making the entire directory ‘O2 Connection Manager’ and its files and sub-dirs world-writable.

Leave a Reply