Vulnerability CVE-2021-25315

Vulnerability CVE-2021-25315

Published: 2021-03-03

Description:

A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Type:

CWE-303

(Incorrect Implementation of Authentication Algorithm)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.6/10	6.4/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
SUSE -> Suse linux enterprise server
Saltstack -> SALT
Opensuse -> Tumbleweed

References:

https://bugzilla.suse.com/show_bug.cgi?id=1182382

Copyright 2024, cxsecurity.com