{"vulnerability": "CVE-2023-2280", "sightings": [{"uuid": "03b2cadc-602b-4458-9c25-4d1b5baa9b52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "2c0d94bb-1438-4cb0-993c-6283eb68bc9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "https://gist.github.com/spynika/da9c6db01a818bc5a329b895afae2f29", "content": "", "creation_timestamp": "2025-02-24T06:56:17.000000Z"}, {"uuid": "a7e713b2-3dd1-4d5a-9dd8-18f8a4f2bb46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "3613a011-7c1f-4453-bfb3-b35fb4a50b71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:51.000000Z"}, {"uuid": "7d2fa033-ae37-4cec-b5b3-f0d074ea9232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lswmgs45us2x", "content": "", "creation_timestamp": "2025-07-01T21:12:23.097011Z"}, {"uuid": "37c12516-81f3-4af0-ae28-bc23b65d2a37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "6a4840a0-ddb2-48f8-939a-46e33e407999", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/sudoedit_bypass_priv_esc.rb", "content": "", "creation_timestamp": "2023-05-23T13:57:43.000000Z"}, {"uuid": "ccaf4a54-35fc-497f-ac33-71b0630e979a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-22809", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3m25ug4fw4y2q", "content": "", "creation_timestamp": "2025-10-01T20:20:09.013485Z"}, {"uuid": "5ce5eff0-d137-4df8-8543-1fa6d4f34167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "cd6eba8f-a631-4b9d-a629-0d839048fa94", "vulnerability": "CVE-2023-22809", "type": "exploited", "source": "https://github.com/range42/range42-catalog/tree/main/03_container_layer/docker/_ctf/cve/system/sudo/CVE-2023-22809", "content": "", "creation_timestamp": "2026-04-15T14:28:37.746192Z"}, {"uuid": "7638678e-b8b8-48ab-b921-1c5dbacbdadb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/-3iReh3T6bPmUI9BLCEdfKilXbeOAtkjMJu1cqK_hdXRW1Q", "content": "", "creation_timestamp": "2023-03-05T09:17:01.000000Z"}, {"uuid": "c16b64c7-54ab-4d61-8d5c-5a4ed7876d5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/DEVIL_TEAM11/83", "content": "\u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0646\u0635\u064a \u0644\u0644\u0623\u062a\u0645\u062a\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2023-22809 \u0644\u0627\u0643\u062a\u0633\u0627\u0628 \u062c\u0630\u0631 shell.\n\n\u064a\u062a\u062d\u0642\u0642 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0646\u0635\u064a \u0645\u0645\u0627 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u062d\u0627\u0644\u064a \u0644\u062f\u064a\u0647 \u062d\u0642 \u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0623\u0645\u0631 sudoedit \u0623\u0648 sudo -e \u0644\u0628\u0639\u0636 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u062a\u064a \u0644\u0647\u0627 \u062d\u0642 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u062c\u0630\u0631. \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0623\u0645\u0631 \u0643\u0630\u0644\u0643 \u060c \u0641\u0625\u0646\u0647 \u064a\u0641\u062a\u062d \u0645\u0644\u0641 sudoers \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0644\u062a\u0642\u062f\u064a\u0645 \u0633\u064a\u0627\u0633\u0629 \u0648\u0635\u0648\u0644 \u0645\u0631\u062a\u0641\u0639\u0629 \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u062d\u0627\u0644\u064a \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u063a\u0644\u0627\u0641 \u062c\u0630\u0631.\n\n---------------------------------------------------\n\u2022 \ud835\udc37\ud835\udc38\ud835\udc49\ud835\udc3c\ud835\udc3f \ud83d\ude08 \ud835\udc47\ud835\udc38\ud835\udc34\ud835\udc40\n---------------------------------------------------", "creation_timestamp": "2023-01-31T11:21:39.000000Z"}, {"uuid": "3aff841c-cb67-4ea7-a987-11337203f19b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3702", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA script to automate privilege escalation with CVE-2023-22809 vulnerability\nURL\uff1ahttps://github.com/Live-Hack-CVE/CVE-2023-22884\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-01-21T16:03:21.000000Z"}, {"uuid": "c829f0cb-609e-4112-8010-9b2b20c0668a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/monkey_hacker/50", "content": "Sudoedit Privilege Escalation (CVE-2023-22809)\n\n#RU\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u044c\u0442\u0435, \u0447\u0442\u043e \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c sudoedit \n\ncat /etc/sudoers\n\n\u0412\u0432\u0435\u0434\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0434\u044d\u0448, \u043c\u044b \u043c\u043e\u0436\u0435\u043c \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043d\u0430\u0448 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 root\n \nexport EDITOR='vim -- /path/to/your/files'\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0447\u0438\u0442\u0430\u0442\u044c/\u043f\u0438\u0441\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root\n\nsudoedit /etc/custom/service.conf\n\n#EN\n\nCheck that you can use sudoedit \n\ncat /etc/sudoers\n\nBy introducing an extra dash, we can make our editor work as root\n \nexport EDITOR='vim -- /path/to/your/files'\n\nNow you can read/write files with root\n\nsudoedit /etc/custom/service.conf\n\nTools:\n\nhttps://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc", "creation_timestamp": "2023-03-06T07:02:57.000000Z"}, {"uuid": "33cf9991-5640-452f-860d-bf246777e657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/kasraone_com/288", "content": "CVE-2023-22809\n\nGithub: https://github.com/hello4r1end/patch_CVE-2023-22809", "creation_timestamp": "2023-06-08T20:28:49.000000Z"}, {"uuid": "6a537673-a223-4285-b58c-22466ce1834c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/q9fFRnJHs2vy8eierAxlvfvGG7FAfwv7rU4j260YFg", "content": "", "creation_timestamp": "2023-08-08T11:22:13.000000Z"}, {"uuid": "077885f6-15eb-49b3-a960-d523666d2844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/C5Uti98yNMibrytNOYJF3eWZ7TSU5JhC3eF6W16W_xddRY4", "content": "", "creation_timestamp": "2025-07-30T15:00:07.000000Z"}, {"uuid": "fd120cd2-d631-46ea-b63c-044f7880b790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2756", "content": "Sudoedit Privilege Escalation (CVE-2023-22809)\n\n#RU\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u044c\u0442\u0435, \u0447\u0442\u043e \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c sudoedit \n\ncat /etc/sudoers\n\n\u0412\u0432\u0435\u0434\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0434\u044d\u0448, \u043c\u044b \u043c\u043e\u0436\u0435\u043c \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043d\u0430\u0448 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 root\n \nexport EDITOR='vim -- /path/to/your/files'\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0447\u0438\u0442\u0430\u0442\u044c/\u043f\u0438\u0441\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root\n\nsudoedit /etc/custom/service.conf\n\n#EN\n\nCheck that you can use sudoedit \n\ncat /etc/sudoers\n\nBy introducing an extra dash, we can make our editor work as root\n \nexport EDITOR='vim -- /path/to/your/files'\n\nNow you can read/write files with root\n\nsudoedit /etc/custom/service.conf\n\nTools:\n\nhttps://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc", "creation_timestamp": "2023-03-06T08:01:41.000000Z"}, {"uuid": "16353368-293f-4297-8aa1-1f956c7389ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/kmLmfR2qgDl-y4H1267yOaSFPwmLD6VzDVOSZp0iv0TjqQo", "content": "", "creation_timestamp": "2023-01-23T17:33:15.000000Z"}, {"uuid": "6dc423f2-f0e9-406a-ac52-607bc3d89260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3701", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA script to automate privilege escalation with CVE-2023-22809 vulnerability\nURL\uff1ahttps://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-01-21T15:26:34.000000Z"}, {"uuid": "93b69503-0bbe-4a17-980e-e6a3d75fb69a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4111", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-22809 Linux Sudo\nURL\uff1ahttps://github.com/CKevens/CVE-2023-22809-sudo-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-04-06T06:51:01.000000Z"}, {"uuid": "4151c212-1aef-45ed-8e5b-8fe33e701973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/oEpDq4nvOVYFCcppsp5K6CaD4M9bpsukqHIxxylw0ccHvw", "content": "", "creation_timestamp": "2023-11-24T01:31:42.000000Z"}, {"uuid": "e5c1ed1b-6038-42e9-8db0-07d07791d648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "https://t.me/proxy_bar/1303", "content": "CVE-2023-22809 - \u043e\u043f\u044f\u0442\u044c Sudo, \u043e\u043f\u044f\u0442\u044c bypass\ud83d\ude0f\n\n#Unix #linux #sudo #bypass", "creation_timestamp": "2023-01-19T14:49:11.000000Z"}, {"uuid": "cda02c9d-f4ed-44d5-af96-139586f9e643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "https://t.me/arpsyndicate/43", "content": "#ExploitObserverAlert\n\nCVE-2023-22809\n\nDESCRIPTION: Exploit Observer has 214 entries related to CVE-2023-22809. In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.\n\nFIRST-EPSS: 0.000520000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-10T19:52:34.000000Z"}, {"uuid": "f07a5771-b3e2-4e19-aaa9-3a0a172dd4ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1305", "content": "", "creation_timestamp": "2023-01-21T01:03:31.000000Z"}, {"uuid": "f40bc839-019a-4901-9b44-0dd92cc0743a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "Telegram/Ur9eOBf3vrJ6Gxp7zW41MgJgKlU8Bcrbsn39JM-7z8Sqi3Y", "content": "", "creation_timestamp": "2023-12-25T20:23:26.000000Z"}, {"uuid": "66b835d5-57b6-4a71-8953-2237e5f4b263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/kPpa5QzJxWce3SSmV41Oc0iUSBkWZrUIFhBZoJGNqBQdIfw", "content": "", "creation_timestamp": "2023-03-01T13:55:17.000000Z"}, {"uuid": "1f39145d-7cb9-47f4-859d-a093030fa18a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/4zjJ2dc-KF-ndhR-ZKTupIfCX06Zijf4Xa9TGlUepBl7wPI", "content": "", "creation_timestamp": "2023-02-10T16:04:06.000000Z"}, {"uuid": "260b7f2d-4ab0-49dd-ad43-4c706ddc581d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/QOcg4g2tbRVGWWW9xtyovRyUZ925Qv5_tbjHS6E12x54yqI", "content": "", "creation_timestamp": "2023-03-01T13:55:17.000000Z"}, {"uuid": "011b0309-dcb0-4c21-a1e6-c9155de98950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "Telegram/PVifoMCLHmclNV2rhqupPoCfzvHg20YQG-qR0jBMPtiXeBI", "content": "", "creation_timestamp": "2023-02-07T16:48:05.000000Z"}, {"uuid": "e7a1c2e6-7f28-4929-a5af-133d3283a956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "https://t.me/true_secator/4236", "content": "\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f QNAP \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 NAS \u043d\u0430 \u0431\u0430\u0437\u0435 Linux \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 Sudo.\n\nCVE-2023-22809 \u0438\u043c\u0435\u0435\u0442 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Synacktiv.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 sudoers \u0432 Sudo \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 sudoedit. \u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043d\u0430 \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u0439 Sudo \u0441 1.8.0 \u043f\u043e 1.9.12p1 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u043c\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0430\u043a\u0436\u0435 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NAS QTS, QuTS hero, QuTScloud \u0438 QVP (QVR Pro appliances), \u043e \u0447\u0435\u043c QNAP \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0432 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u0445 QTS \u0438 QuTS hero, \u043e\u0434\u043d\u0430\u043a\u043e \u043e\u043d\u0438 \u0432\u0441\u0435 \u0435\u0449\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043d\u0430\u0434 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 QuTScloud \u0438 QVP.\n\n\u0412 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445 QNAP \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-22809 \u043d\u0435 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u0443\u0435\u0442 \u043a\u0430\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043d\u043e \u0432 \u0432\u0438\u0434\u0443 \u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041d\u0435 \u0441\u0442\u043e\u0438\u0442 \u043f\u0440\u0435\u043d\u0435\u0431\u0440\u0435\u0433\u0430\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c, \u0442\u0430\u043a \u043a\u0430\u043a \u043d\u0438 \u0434\u043b\u044f \u043a\u043e\u0433\u043e \u043d\u0435 \u0441\u0435\u043a\u0440\u0435\u0442, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u044e\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u043a \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 QNAP NAS, \u043e \u0447\u0435\u043c \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u044e\u0442 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0435 \u0430\u0442\u0430\u043a\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 DeadBolt \u0438 eCh0raix, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u043a \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443.", "creation_timestamp": "2023-03-30T17:02:36.000000Z"}, {"uuid": "afdd119f-ad70-45f8-a5f8-2d51d0aedbb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2324", "content": "#exploit\nCVE-2023-22809:\nSudo Sudoedit Vulnerability", "creation_timestamp": "2023-01-19T22:34:18.000000Z"}, {"uuid": "eca31d51-c102-488e-b6c8-7b868e693511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2395", "content": "#Offensive_security\n1. Cobalt Strike Beacon Object File for kernel exploitation using AMD's Ryzen Master Driver (version 17)\nhttps://github.com/tijme/amd-ryzen-master-driver-v17-exploit\n2. A script to automate privilege escalation with CVE-2023-22809 vulnerability\nhttps://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc", "creation_timestamp": "2023-01-23T17:17:49.000000Z"}, {"uuid": "0ed87be3-d50f-445b-8729-47c153baba4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2390", "content": "CVE-2023-22809 \u2013 sudo Privilege escalation\n\nAffected sudo versions: 1.8.0 to 1.9.12p1\n\nThis script automates the exploitation of the CVE-2023-22809 vulnerability to gain a root shell.\n\nScript: https://system32.ink/news-feed/p/170/", "creation_timestamp": "2023-01-23T12:43:32.000000Z"}, {"uuid": "31cd70f5-3fcd-469f-9eb6-32dc7d8b8d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22803", "type": "seen", "source": "https://t.me/cibsecurity/58258", "content": "\u203c CVE-2023-22803 \u203c\n\nLS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T20:52:45.000000Z"}, {"uuid": "e1ad5c08-1206-4a73-be26-619466a97abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22808", "type": "seen", "source": "https://t.me/cibsecurity/61945", "content": "\u203c CVE-2023-22808 \u203c\n\nAn issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T00:29:46.000000Z"}, {"uuid": "2ded7726-efd0-4a4d-8347-fc1208ab9574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22805", "type": "seen", "source": "https://t.me/cibsecurity/58251", "content": "\u203c CVE-2023-22805 \u203c\n\nLS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T20:46:42.000000Z"}, {"uuid": "ddf1a977-8d8a-4fc3-9bc5-614f502eaf2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22806", "type": "seen", "source": "https://t.me/cibsecurity/58257", "content": "\u203c CVE-2023-22806 \u203c\n\nLS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T20:56:40.000000Z"}, {"uuid": "886c2350-588e-4437-b923-5c1c2d86fd44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22807", "type": "seen", "source": "https://t.me/cibsecurity/58250", "content": "\u203c CVE-2023-22807 \u203c\n\nLS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T20:46:41.000000Z"}, {"uuid": "75f458c0-7fc6-4b7c-acad-cbf95a078a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22804", "type": "seen", "source": "https://t.me/cibsecurity/58248", "content": "\u203c CVE-2023-22804 \u203c\n\nLS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T20:46:39.000000Z"}, {"uuid": "54ba6085-5a97-4e98-9663-59e94fc5e539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2609", "content": "#CVE-2023\nA script to automate privilege escalation with CVE-2023-22809 vulnerability\nhttps://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc\n\n\nA script to automate privilege escalation with CVE-2023-22809 vulnerability\n\nhttps://github.com/Live-Hack-CVE/CVE-2023-22884\n\nPOC and Scanner for CVE-2023-24055\n\nhttps://github.com/Live-Hack-CVE/CVE-2023-21867\n\n\n@BlueRedTeam", "creation_timestamp": "2023-03-05T09:21:57.000000Z"}, {"uuid": "df2d8a7d-8ec8-4287-9a25-a483c2fc46a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "seen", "source": "https://t.me/cibsecurity/56682", "content": "\u203c CVE-2023-22809 \u203c\n\nIn Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T20:21:07.000000Z"}, {"uuid": "fe0ab42a-7924-45ef-858e-94dce445a550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/412", "content": "\ud83d\udd25\ud83d\udd25\ud83d\udd25Script for automation of exploitation CVE-2023-22809 vulnerability to gain a root shell.\n\nThe script checks if the current user has access to run the sudoedit or sudo -e command for some file with root privileges. If it does it opens the sudoers file for the attacker to introduce the privilege escalation policy for the current user and get a root shell.", "creation_timestamp": "2023-01-24T10:48:05.000000Z"}, {"uuid": "9df94990-b623-4101-b5f6-b13c2a8ca5cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7579", "content": "#exploit\nCVE-2023-22809:\n\"Sudo Sudoedit Vulnerability\".", "creation_timestamp": "2023-01-23T05:05:16.000000Z"}, {"uuid": "85511fa2-47dc-4537-9fb5-b99ff7b50dc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/dragonforceio/1076", "content": "Topik pilihan DFM hari ini: {Proof Of Concept} Sudo Privilege Escalation Ubuntu Version 1.8.0 - 1.9.12p1 (CVE-2023-22809)\n\nThread:\nhttps://dragonforce.io/threads/sudo-privilege-escalation-ubuntu-version-1-8-0-1-9-12p1-cve-2023-22809.15263/\n\nForum Rasmi: https://dragonforce.io\nRadio Rasmi: https://radio.dragonforce.io\nFacebook: https://fb.me/dragonforcedotio\nTelegram: https://t.me/dragonforceio\nTwitter: https://twitter.com/dragonforceio\nInstagram: https://instagram.com/dragonforceio\nYouTube: https://www.youtube.com/channel/UC9GycRXuy7-WMULPBkBp4Bw", "creation_timestamp": "2023-03-13T11:05:51.000000Z"}, {"uuid": "67139216-3c6c-41f0-9d84-2326522293c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22809", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7601", "content": "#Offensive_security\n1. Cobalt Strike Beacon Object File for kernel exploitation using AMD's Ryzen Master Driver (version 17)\nhttps://github.com/tijme/amd-ryzen-master-driver-v17-exploit\n2. A script to automate privilege escalation with CVE-2023-22809 vulnerability\nhttps://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc", "creation_timestamp": "2023-01-23T11:00:22.000000Z"}]}