Lucene search

K
cveMitreCVE-2020-13776
HistoryJun 03, 2020 - 3:15 a.m.

CVE-2020-13776

2020-06-0303:15:10
CWE-269
mitre
web.nvd.nist.gov
154
systemd
cve-2020-13776
nvd
security
incomplete fix
privilege escalation
vulnerability
numerical usernames

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.007

Percentile

80.6%

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

Affected configurations

Nvd
Node
systemd_projectsystemdRange245
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappsolidfire_\&_hci_management_nodeMatch-
Node
fedoraprojectfedoraMatch32
VendorProductVersionCPE
systemd_projectsystemd*cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappsolidfire_\&_hci_management_node-cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.007

Percentile

80.6%