CVE-2018-14643
published 2018-09-21


Priority: P267, critical; CVSS 3.0 base score 9.8
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.01% (92.4th percentile)
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.

Detection & IOCs (extracted from sources)

  • The vulnerability exists in smart_proxy_dynflow version 0.1.8 and later; detection should target this component on Foreman >= 1.15 / Satellite >= 6.3 deployments.
  • The authentication bypass was introduced by a specific commit; patch presence/absence at this commit can be used to confirm vulnerable state.
  • After patching, unauthenticated requests to the Dynflow endpoint are rejected with 'No client SSL certificate supplied'; absence of this error on an unpatched system indicates exploitability.
  • Arbitrary command execution against managed hosts was confirmed exploitable on Satellite 6.3.3; monitor for unexpected remote execution jobs originating from unauthenticated sources against Foreman-managed hosts.
  • Mitigation: disable the Smart Proxy Dynflow component entirely by setting ':enabled:' to false in the configuration file at the specified path.
  • The Red Hat Satellite 6 package 'tfm-rubygem-smart_proxy_dynflow_core' is listed as Not Affected; scope detection efforts to the 'smart_proxy_dynflow' gem, not the core variant.

CVSS provenance

nvd (v3.0): 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd (v2.0): 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat: 9.8 CRITICAL