PT-2018-3485 · Clusterlabs+5 · Pacemaker+5

Jan Pokorný · Published 2018-11-22 · Updated 2023-09-29 · CVE-2018-16877

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Pacemaker versions up to and including 2.0.0
Description: A flaw was found in the way Pacemaker's client-server authentication was implemented, allowing a local attacker to achieve local privilege escalation by combining this flaw with other IPC weaknesses. The issue is related to insufficient authentication in the cluster resource management tool, which can be exploited to elevate privileges.
Recommendations: For Pacemaker versions up to and including 2.0.0, update to a version later than 2.0.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1351
BDU:2020-02205
CESA-2019_1279
CVE-2018-16877
DLA-2519-1
MGASA-2019-0394
OPENSUSE-SU-2019:1400-1
OPENSUSE-SU-2019_1342-1
OPENSUSE-SU-2019_1400-1
OPENSUSE-SU-2024:11138-1
RHSA-2019:1278
RHSA-2019:1279
RHSA-2019_1278
RHSA-2019_1279
SUSE-SU-2019:1047-1
SUSE-SU-2019:1108-1
SUSE-SU-2019:1209-1
SUSE-SU-2019:2268-1
SUSE-SU-2019_1047-1
SUSE-SU-2019_1108-1
SUSE-SU-2019_1209-1
SUSE-SU-2019_2268-1
SUSE-SU-2020:1072-1
SUSE-SU-2020_1072-1
USN-3952-1

Affected Products

ALT Linux
CentOS
Pacemaker
Red Hat
SUSE
Ubuntu