PT-2022-4658 · Unknown+9 · Pacemaker Configuration Tool+9

Published: 2022-03-17 · Updated: 2025-07-02 · CVE-2022-1049

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Pacemaker configuration tool (pcs) (affected versions not specified)

Description: A flaw was found in the Pacemaker configuration tool that allows expired accounts and accounts with expired passwords to log in when PAM authentication is used. This issue enables unprivileged expired accounts that have been denied access to still log in. The vulnerability is related to deficiencies in the authentication procedure, which can be exploited by a remote attacker to elevate their privileges.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

ALSA-2022:7447
ALSA-2022:7935
ALT-PU-2022-2143
ALT-PU-2023-5630
ALT-PU-2024-7827
BDU:2022-05543
CESA-2022_7447
CVE-2022-1049
DLA-3108-1
DSA-5226-1
OESA-2022-1886
RHSA-2022:7447
RHSA-2022:7935
RHSA-2022_7447
RHSA-2022_7935
RLSA-2022:7447
RLSA-2022:7935
USN-7614-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Pacemaker Configuration Tool
Red Hat
Red Os
Rocky Linux
Ubuntu