CVE-2017-2663

CWE-2706 documents5 sources

Severity

7.8HIGH

EPSS

0.1%

top 68.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Subscription-manager RED HAT Subscription-manager

Timeline

PublishedJul 27

Latest updateMay 13

Description

It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

▶NVDredhat/subscription-manager< 1.19.4

▶CVEListV5red_hat/subscription-manager1.19.4

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-44w6-h8x6-p8h9: It was found that subscription-manager's DBus interface before 1↗2022-05-13

▶

CVEList

CVE-2017-2663: It was found that subscription-manager's DBus interface before 1↗2018-07-27

▶

📋Vendor Advisories

Red Hat

subscription-manager: unsafe dbus interface↗

▶

💬Community

Bugzilla

CVE-2017-2663 subscription-manager: unsafe dbus interface [fedora-all]↗2017-03-21

▶

Bugzilla

CVE-2017-2663 subscription-manager: unsafe dbus interface↗2017-03-20

▶