CVE-2014-3632

CWE-2646 documents6 sources
Severity
7.6HIGH
EPSS
1.2%
top 21.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Neutron
Timeline
PublishedOct 7
Latest updateMay 14

Description

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDopenstack/neutron2014.12014.1.2

🔴Vulnerability Details

2
GHSA
GHSA-hr9q-fc36-qcfj: The default configuration in a sudoers file in the Red Hat openstack-neutron package before 20142022-05-14
CVEList
CVE-2014-3632: The default configuration in a sudoers file in the Red Hat openstack-neutron package before 20142014-10-07

📋Vendor Advisories

2
Red Hat
openstack-neutron: regression of fix for CVE-2013-64332014-09-12
Debian
CVE-2014-3632: neutron - The default configuration in a sudoers file in the Red Hat openstack-neutron pac...2014

💬Community

1
Bugzilla
CVE-2014-3632 openstack-neutron: regression of fix for CVE-2013-64332014-09-12
CVE-2014-3632 (HIGH CVSS 7.6) | The default configuration in a sudo | cvebase.io