CVE-2023-6917

Summary

CVE-2023-6917 is a vulnerability affecting the Performance Co-Pilot (PCP) package. The issue arises due to the disparity in privilege levels among systemd services related to PCP. While some services operate under limited PCP user/group privileges, others have full root privileges. This inconsistency exposes a risk when root processes interact with directories owned by unprivileged PCP users. Attackers can exploit this vulnerability to compromise PCP user isolation and gain local PCP-to-root access, primarily through symlink attacks. The importance of maintaining effective privilege separation mechanisms within PCP is underscored to prevent unauthorized privilege escalation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.