SB2018062603 - Multiple vulnerabilities in Red Hat CloudForms
Published: June 26, 2018
Description
This security bulletin contains information about 3 vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2018-1101)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to write arbitrary files and gain elevated privileges on the target system.
The weakness exists in the management of system and organization administrators, where security restrictions are not properly enforced. A remote authenticated attacker can reset their passwords and gain root privileges.
2) Command injection (CVE-ID: CVE-2018-1104)
CWE-ID: CWE-77 - Command injection
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the handling of user-provided extra_vars, which allows command injection through Jinja2 variables. A remote authenticated attacker can execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
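As an added illustration of a defender-side control for this class of weakness (example code, not the bulletin's own and not Red Hat's fix), the following check walks user-supplied extra_vars and rejects any value or key that carries Jinja2 template syntax before the data reaches a templating engine. The delimiter set and the path format are assumptions for this example.

```python
# Added example: reject user-supplied extra_vars that contain Jinja2
# template syntax before they are handed to a templating engine.
# Delimiters default to Jinja2's standard ones but are a parameter,
# since a deployment may configure custom delimiters (assumption).
from typing import Any, Iterator, Tuple

JINJA_DELIMITERS = ("{{", "{%", "{#")


def find_templated_values(extra_vars: Any, path: str = "extra_vars",
                          delimiters=JINJA_DELIMITERS) -> Iterator[Tuple[str, str]]:
    """Yield (path, value) for every string in a nested extra_vars structure
    that contains a Jinja2 delimiter. Dicts and lists are walked recursively,
    so template syntax nested under a harmless-looking key is not missed."""
    if isinstance(extra_vars, str):
        if any(d in extra_vars for d in delimiters):
            yield path, extra_vars
    elif isinstance(extra_vars, dict):
        for key, value in extra_vars.items():
            # Keys are user-controlled as well; check them as strings.
            yield from find_templated_values(str(key), f"{path}.{key} (key)", delimiters)
            yield from find_templated_values(value, f"{path}.{key}", delimiters)
    elif isinstance(extra_vars, (list, tuple)):
        for idx, value in enumerate(extra_vars):
            yield from find_templated_values(value, f"{path}[{idx}]", delimiters)
    # ints, floats, bools and None carry nothing to template


def validate_extra_vars(extra_vars: dict) -> list:
    """Return the paths of offending values. An empty list means the input
    contains no template syntax; a non-empty list means the request should
    be rejected rather than rendered."""
    return [p for p, _ in find_templated_values(extra_vars)]


if __name__ == "__main__":
    # Constructed sample input: two ordinary variables and one nested value
    # that carries template syntax.
    sample = {"env": "prod", "hosts": ["web1", "web2"],
              "opts": {"banner": "{{ some_variable }}"}}
    print(validate_extra_vars(sample))  # -> ['extra_vars.opts.banner']
```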
3) Authentication bypass (CVE-ID: CVE-2018-7750)
CWE-ID: CWE-592 - Authentication Bypass Issues
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote unauthenticated attacker to bypass authentication.
The weakness exists due to improper security restrictions. A remote attacker can use a customized SSH client to bypass authentication and gain unauthorized access to resources on the target system.
Remediation
Install the update from the vendor's website.