CVE-2010-4664 — Improper Privilege Management in Project Consolekit

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 59.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Consolekit Project Consolekit Consolekit Debian Linux +1 more

Timeline

PublishedNov 13

Latest updateApr 21

Description

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDconsolekit_project/consolekit< 0.4.2

▶CVEListV5consolekit/consolekitbefore 0.4.2

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-qr44-jpvc-mm3p: In ConsoleKit before 0↗2022-04-21

▶

OSV

CVE-2010-4664: In ConsoleKit before 0↗2019-11-13

▶

📋Vendor Advisories

Red Hat

ConsoleKit: Policy restrictions break-out via remote Virtual Network Computing (VNC) session↗2010-06-03

▶

💬Community

Bugzilla

CVE-2010-4664 ConsoleKit: Policy restrictions break-out via remote Virtual Network Computing (VNC) session↗2010-06-04

▶