PT-2020-10013 · Suse · Suse Linux Enterprise Server 12+3
Matthias Gerstner · Published 2020-04-03 · Updated 2020-05-23 · CVE-2019-18905
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 12 autoyast2 versions 4.1.9-3.9.1 and prior versions
SUSE Linux Enterprise Server 15 autoyast2 versions 4.0.70-3.20.1 and prior versions
Description
A vulnerability in autoyast2 of SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15 allows remote attackers to perform man-in-the-middle (MITM) attacks on connections when deprecated and unused functionality of autoyast is used to create images.
Recommendations
For SUSE Linux Enterprise Server 12 autoyast2 versions 4.1.9-3.9.1 and prior versions, update to a version later than 4.1.9-3.9.1 to resolve the issue.
For SUSE Linux Enterprise Server 15 autoyast2 versions 4.0.70-3.20.1 and prior versions, update to a version later than 4.0.70-3.20.1 to resolve the issue.
As a temporary workaround, consider disabling the deprecated and unused functionality of autoyast to minimize the risk of exploitation.
Weakness Enumeration
Insufficient Verification of Data Authenticity
Affected Products
Suse Linux Enterprise Server 12
Suse Linux Enterprise Server 15
Suse
Autoyast2