5.9 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
8.0%
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. (CVE-2014-3477)
Impact
This vulnerability may allow a locally authenticated user to cause a denial-of-service (DoS) or possibly conduct a side-channel attack through a D-Bus message to an inactive service.
For Traffix SDC, the dbusdaemon is used for package dependency reasons. The impact of thedbusdaemon becoming unavailable is minimal. In addition, only administrative users are allowed on the Traffix SDC users, limiting the amount of potential attackers.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.3.0 | |
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.6.0 | |
big-ip afm | eq | 12.0.0 | |
big-ip analytics | eq | 11.0.0 |