CVE-2024-45173: n/a
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.
AI Analysis
Technical Summary
CVE-2024-45173 is a critical privilege escalation vulnerability found in the za-internet C-MOR Video Surveillance software, specifically version 5.2401. The root cause is improper privilege management related to sudo permissions assigned to the Linux user www-data, which operates the C-MOR web interface. This user can execute certain operating system commands such as cp, chown, and chmod with root privileges via sudo without needing to provide the root password. These commands can be abused to alter the sudoers configuration file, effectively granting the attacker unrestricted root-level command execution capabilities. This vulnerability falls under CWE-269 (Improper Privilege Management). The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. The vulnerability allows an attacker who has access to the www-data user context—typically through the web interface—to escalate privileges to root, potentially leading to full system compromise. Although no patches or exploits are currently documented, the risk remains significant given the nature of the flaw and the critical role of video surveillance systems in security infrastructure.
Potential Impact
The impact of CVE-2024-45173 is severe for organizations using the C-MOR Video Surveillance system. An attacker exploiting this vulnerability can gain root-level access to the underlying Linux system, leading to complete control over the device. This includes the ability to manipulate surveillance data, disable security monitoring, install persistent backdoors, or pivot to other network resources. The compromise of video surveillance systems can undermine physical security, violate privacy regulations, and damage organizational trust. Additionally, root access allows attackers to modify system configurations, delete logs, and evade detection. Given that video surveillance systems are often connected to critical infrastructure or sensitive environments, the potential for widespread disruption and data breaches is high. The vulnerability’s ease of exploitation and the absence of required user interaction increase the likelihood of successful attacks once the attacker gains initial access to the web interface.
Mitigation Recommendations
To mitigate CVE-2024-45173, organizations should immediately restrict access to the C-MOR web interface to trusted networks and authenticated users only, minimizing exposure to potential attackers. Network segmentation and firewall rules should be employed to limit access to the surveillance system. Since no official patch is currently available, administrators should audit and harden sudoers configurations to remove or tightly control any sudo privileges granted to the www-data user. Monitoring and alerting on changes to sudoers files and unusual use of cp, chown, and chmod commands by www-data can help detect exploitation attempts. Employing host-based intrusion detection systems (HIDS) and integrity monitoring tools can provide early warnings of privilege escalation activities. Organizations should also consider deploying application-layer firewalls or web application firewalls (WAFs) to detect and block malicious commands sent via the web interface. Finally, maintain regular backups of configuration and system files to enable recovery in case of compromise.
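One way to carry out the sudoers audit recommended above, as an added example that is not code from the advisory or the vendor: the script reads sudoers text and lists the commands named in the description (cp, chown, chmod, or ALL) that a given user may run through sudo, and whether NOPASSWD applies. The sample configuration is constructed for illustration and is not the actual C-MOR file; the function names are hypothetical, and the parser deliberately ignores include directives, User_Alias and %group entries.

```python
import re

# Commands the advisory names: run as root, each can rewrite root-owned files
# such as /etc/sudoers. Extend the set for other file-writing tools.
RISKY = {"cp", "chown", "chmod"}

# Constructed sample for illustration; NOT the real C-MOR sudoers content.
SAMPLE_SUDOERS = r"""
# web interface helpers (constructed)
Cmnd_Alias FILEOPS = /bin/cp, \
                     /bin/chown
root      ALL=(ALL:ALL) ALL
www-data  ALL=(root) NOPASSWD: FILEOPS, /bin/chmod, /usr/bin/uptime
backup    ALL=(root) NOPASSWD: /usr/bin/rsync
"""

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text, user="www-data"):
    """Return sorted (command, nopasswd) pairs that `user` may run via sudo."""
    lines, aliases, findings = list(logical_lines(text)), {}, set()
    for line in lines:  # first pass: collect Cmnd_Alias definitions
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    for line in lines:  # second pass: user specifications
        m = re.match(r"(\S+)\s+[^\s=]+\s*=\s*(.+)", line)
        if not m or m.group(1) != user:
            continue
        nopasswd = False  # tags persist across the rest of the command list
        for item in re.sub(r"\([^)]*\)", "", m.group(2)).split(","):  # drop (runas)
            tags, cmd = re.match(r"((?:[A-Z]+:\s*)*)(.*)", item.strip()).groups()
            if "NOPASSWD:" in tags:
                nopasswd = True
            elif "PASSWD:" in tags:
                nopasswd = False
            for c in aliases.get(cmd.strip(), [cmd.strip()]):
                if c == "ALL" or (c and c.split()[0].rsplit("/", 1)[-1] in RISKY):
                    findings.add((c, nopasswd))
    return sorted(findings)

if __name__ == "__main__":
    for cmd, nopasswd in audit(SAMPLE_SUDOERS):
        print(f"www-data -> {cmd} (NOPASSWD={nopasswd})")
```

Feed it the contents of /etc/sudoers and of each file under /etc/sudoers.d; `sudo -l -U www-data` remains the authoritative view of what sudo itself will allow.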
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Australia, Canada, Netherlands, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-08-22T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6ce8b7ef31ef0b56a19f
Added to database: 2/25/2026, 9:43:04 PM
Last enriched: 2/26/2026, 8:08:32 AM
Last updated: 4/12/2026, 6:13:41 PM