CVE-2015-1842

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions openstack-puppet-modules versions prior to 2014.2.13-2

Description The issue concerns the use of a default password 'CHANGEME' for the pcsd daemon in the openstack-puppet-modules package. This allows remote attackers to execute arbitrary shell commands. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 2014.2.13-2, update to version 2014.2.13-2 or later to resolve the issue. As a temporary workaround, consider changing the default password 'CHANGEME' for the pcsd daemon to a secure password. Restrict access to the pcsd daemon to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

BDU:2015-10304

CVE-2015-1842

RHSA-2015:0789

RHSA-2015:0791

RHSA-2015:0830

RHSA-2015:0831

RHSA-2015:0832

Affected Products

Openstack Puppet Module

CVE-2015-1842

Weakness Enumeration

Related Identifiers

Affected Products

References · 10