Lucene search

K
cve[email protected]CVE-2008-2139
HistoryMay 12, 2008 - 5:20 p.m.

CVE-2008-2139

2008-05-1217:20:00
CWE-264
web.nvd.nist.gov
23
security
rpath appliance platform
rootpw
privilege escalation
cve-2008-2139

6.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.0%

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

Affected configurations

NVD
Node
rpathappliance_platform_agentMatch2
OR
rpathappliance_platform_agentMatch3

6.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.0%

Related for CVE-2008-2139