Lucene search

[email protected]NVD:CVE-2021-25315

HistoryMar 03, 2021 - 10:15 a.m.

CVE-2021-25315

2021-03-0310:15:13

CWE-287

[email protected]

web.nvd.nist.gov

cve-2021-25315; improper authentication; suse linux enterprise server 15 sp 3; opensuse tumbleweed; arbitrary code execution; salt vulnerability; local attackers

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

14.2%

JSON

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Affected configurations

Nvd

Node

opensusetumbleweedMatch-

susesuse_linux_enterprise_serverMatch15sp3

AND

saltstacksaltRange<3002.2

VendorProductVersionCPE
opensusetumbleweed-cpe:2.3:o:opensuse:tumbleweed:-:*:*:*:*:*:*:*
susesuse_linux_enterprise_server15cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp3:*:*:*:*:*:*
saltstacksalt*cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	tumbleweed	-	cpe:2.3:o:opensuse:tumbleweed:-:::::::*
suse	suse_linux_enterprise_server	15	cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp3::::::
saltstack	salt	*	cpe:2.3:a:saltstack:salt::::::::