PT-2021-7508 · SUSE · Hawk2
Johannes Segitz · Published 2021-02-12 · Updated 2024-06-15 · CVE-2021-25314
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9
SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9
SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9
Description
hawk2 creates temporary files with insecure permissions (Creation of Temporary File With Insecure Permissions), which allows local attackers to escalate to root. The issue is in the hawk2 web interface of the SUSE Linux Enterprise Server and openSUSE Leap operating systems.
Recommendations
For SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9, update to version 2.6.3+git.1614685906.812c31e9 or later.
For SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9, update to version 2.6.3+git.1614685906.812c31e9 or later.
For SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9, update to version 2.6.3+git.1614684118.af555ad9 or later.
Weakness: Exposure of Resource to Wrong Sphere
Affected Products
openSUSE Leap
SUSE Linux Enterprise High Availability
SUSE Linux Enterprise Server
SUSE
Hawk2