vulnerability

Red Hat: CVE-2024-9050: NetworkManager-libreswan: Local privilege escalation via leftupdown (Multiple Advisories)

Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 22, 2024
Added
Oct 24, 2024
Modified
Jul 7, 2025

Description

A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.

Solution(s)

redhat-upgrade-networkmanager-libreswanredhat-upgrade-networkmanager-libreswan-debuginforedhat-upgrade-networkmanager-libreswan-debugsourceredhat-upgrade-networkmanager-libreswan-gnomeredhat-upgrade-networkmanager-libreswan-gnome-debuginfo
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.