PT-2015-3735 · Red Hat · Red Hat CloudForms
Published: 2015-01-16 · Updated: 2023-02-13
CVE-2014-3692
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat CloudForms 3.1 Management Engine (CFME) version 5.3
Description
The issue concerns the customization template in Red Hat CloudForms, which uses a default password for the root account when no password is specified for a new image. This allows remote attackers to gain privileges.
Recommendations
For Red Hat CloudForms 3.1 Management Engine (CFME) version 5.3, consider changing the default password for the root account to a unique and secure password to prevent unauthorized access. As a temporary workaround, restrict remote access to the root account until a more permanent solution is implemented.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat CloudForms