CVE-2013-2056Improper Authentication in Redhat Satellite

CWE-287Improper AuthenticationCWE-306Missing Authentication for Critical Function5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 43.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Satellite
Timeline
PublishedJul 31
Latest updateMay 13

Description

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDredhat/satellite5.3, 5.4, 5.5+2

🔴Vulnerability Details

2
GHSA
GHSA-p9rr-x8fh-7586: The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 52022-05-13
CVEList
CVE-2013-2056: The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 52013-07-31

📋Vendor Advisories

1
Red Hat
CVE-2013-2056: The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 52013-07-31

💬Community

1
Bugzilla
CVE-2013-2056 Satellite: Inter-Satellite Sync (ISS) does not require authentication/authorization2013-05-03
CVE-2013-2056 — Improper Authentication in Redhat | cvebase