PT-2015-1274 · Openstack · Openstack Puppet Module

Alessandro Vozza

Publicado

2015-04-10

Atualizado

2023-02-13

CVE-2015-1842

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions openstack-puppet-modules versions prior to 2014.2.13-2

Description The issue concerns the use of a default password 'CHANGEME' for the pcsd daemon in the openstack-puppet-modules package. This allows remote attackers to execute arbitrary shell commands. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 2014.2.13-2, update to version 2014.2.13-2 or later to resolve the issue. As a temporary workaround, consider changing the default password 'CHANGEME' for the pcsd daemon to a secure password. Restrict access to the pcsd daemon to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255

Identificadores relacionados

BDU:2015-10304

CVE-2015-1842

RHSA-2015:0789

RHSA-2015:0791

RHSA-2015:0830

RHSA-2015:0831

RHSA-2015:0832

Produtos afetados

Openstack Puppet Module

PT-2015-1274 · Openstack · Openstack Puppet Module

CVE-2015-1842

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10