newstech.world

Hackers are exploiting a five-year-old flaw that lets them breach DVR devices.

The flaw has a 9.8 CVSS score.

The vulnerability, tracked as CVE-2018-9995 , affects older versions of runc and is caused by a flaw in the handling of file descriptors passed between processes.
The flaw can be exploited by attackers to escalate their privileges on a targeted system and execute arbitrary code with root privileges.
Researchers have observed several hacking groups, including Chinese state-sponsored actors, using the vulnerability in their attacks.
While patches for the vulnerability have been available for several years, many systems remain unpatched, leaving them vulnerable to hackers.
Researchers have warned system administrators to patch their systems and upgrade to the latest versions of runc to protect against this vulnerability.

Hackers are exploiting a five-year-old flaw that lets them breach DVR devices.