Skip to main content

Network Satellite CVE-2013-4480

HIGH
Exposure of Resource to Wrong Sphere (CWE-668)
2013-11-18 secalert@redhat.com
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Nov 18, 2013 - 02:55 cve.org
HIGH 7.5

DescriptionCVE.org

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

AnalysisAI

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Technical ContextAI

This vulnerability is classified as Exposure of Resource to Wrong Sphere (CWE-668), which allows attackers to access resources from an unintended security context. Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Affected products include: Redhat Network Satellite, Redhat Satellite, Redhat Satellite With Embedded Oracle, Suse Manager, Suse Linux Enterprise.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement proper access controls, validate resource access permissions, use security boundaries.

Share

CVE-2013-4480 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy