CVE-2012-6639

CWE-269Improper Privilege ManagementCWE-2908 documents7 sources
Severity
8.8HIGH
EPSS
1.1%
top 21.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Canonical Cloud-initCloud-init Cloud-initDebian Debian Linux+1 more
Timeline
PublishedNov 25
Latest updateApr 23

Description

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

Debiancloud-init< 0.7.1-1+3
CVEListV5cloud-init/cloud-initbefore 0.7.0

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: access.redhat.comPatch: access.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-53qp-p4j3-jj3w: An privilege elevation vulnerability exists in Cloud-init before 02022-04-23
CVEList
CVE-2012-6639: An privilege elevation vulnerability exists in Cloud-init before 02019-11-25
OSV
CVE-2012-6639: An privilege elevation vulnerability exists in Cloud-init before 02019-11-25

📋Vendor Advisories

2
Red Hat
cloud-init: insecure transmission of EC2 instance data can lead to root privilege escalation2014-01-07
Debian
CVE-2012-6639: cloud-init - An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requ...2012

💬Community

2
Bugzilla
CVE-2012-6639 cloud-init: insecure transmission of EC2 instance data can lead to root privilege escalation [epel-5]2014-03-06
Bugzilla
CVE-2012-6639 cloud-init: insecure transmission of EC2 instance data can lead to root privilege escalation2014-03-06
CVE-2012-6639 (HIGH CVSS 8.8) | An privilege elevation vulnerabilit | cvebase.io