Pacemaker
CVE-2016-7797
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
AnalysisAI
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-254. Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Affected products include: Clusterlabs Pacemaker, Opensuse Leap, Opensuse Project Leap, Suse Linux Enterprise High Availability, Suse Linux Enterprise Software Development Kit. Version information: before 1.1.15.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not l
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges v
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive i
An ACL bypass flaw was found in pacemaker. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, l
Same weakness CWE-254 – 7PK - Security Features
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today