Lucene search

[email protected]NVD:CVE-2023-3899

HistoryAug 23, 2023 - 11:15 a.m.

CVE-2023-3899

2023-08-2311:15:07

CWE-863

CWE-285

[email protected]

web.nvd.nist.gov

vulnerability

subscription-manager

local privilege escalation

inadequate authorization

d-bus interface

rhsm1

configuration tampering

vulnerability exploitation.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

Affected configurations

NVD

Node

redhatsubscription-managerRange<1.28.39

redhatsubscription-managerRange1.29.0–1.29.37

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch8.6

redhatenterprise_linux_eusMatch8.8

redhatenterprise_linux_eusMatch9.0

redhatenterprise_linux_eusMatch9.2

redhatenterprise_linux_for_arm_64Match8.0

redhatenterprise_linux_for_arm_64Match9.0

redhatenterprise_linux_for_arm_64Match9.2

redhatenterprise_linux_for_arm_64_eusMatch8.6

redhatenterprise_linux_for_arm_64_eusMatch8.8

redhatenterprise_linux_for_arm_64_eusMatch9.0

redhatenterprise_linux_for_arm_64_eusMatch9.2

redhatenterprise_linux_for_ibm_z_systemsMatch7.0

redhatenterprise_linux_for_ibm_z_systemsMatch8.0

redhatenterprise_linux_for_ibm_z_systemsMatch9.0

redhatenterprise_linux_for_ibm_z_systemsMatch9.2

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.6

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.8

redhatenterprise_linux_for_ibm_z_systems_eusMatch9.0

redhatenterprise_linux_for_ibm_z_systems_eusMatch9.2

redhatenterprise_linux_for_power_big_endianMatch7.0

redhatenterprise_linux_for_power_little_endianMatch7.0

redhatenterprise_linux_for_power_little_endianMatch8.0

redhatenterprise_linux_for_power_little_endianMatch9.0

redhatenterprise_linux_for_power_little_endian_eusMatch8.8

redhatenterprise_linux_for_power_little_endian_eusMatch9.0

redhatenterprise_linux_for_power_little_endian_eusMatch9.2

redhatenterprise_linux_for_scientific_computingMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_ausMatch8.6

redhatenterprise_linux_server_ausMatch9.2

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.1

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.2

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.4

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.6

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.8

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch9.0

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch9.2

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

redhatenterprise_linux_server_tusMatch8.6

redhatenterprise_linux_server_tusMatch8.8

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch9.0

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch9.2

redhatenterprise_linux_update_services_for_sap_solutionsMatch8.1

redhatenterprise_linux_update_services_for_sap_solutionsMatch8.2

redhatenterprise_linux_update_services_for_sap_solutionsMatch8.4

redhatenterprise_linux_update_services_for_sap_solutionsMatch8.6

redhatenterprise_linux_update_services_for_sap_solutionsMatch8.8

redhatenterprise_linux_workstationMatch7.0

References

access.redhat.com/errata/RHSA-2023:4701

access.redhat.com/errata/RHSA-2023:4702

access.redhat.com/errata/RHSA-2023:4703

access.redhat.com/errata/RHSA-2023:4704

access.redhat.com/errata/RHSA-2023:4705

access.redhat.com/errata/RHSA-2023:4706

access.redhat.com/errata/RHSA-2023:4707

access.redhat.com/errata/RHSA-2023:4708

access.redhat.com/security/cve/CVE-2023-3899

bugzilla.redhat.com/show_bug.cgi?id=2225407

lists.fedoraproject.org/archives/list/[email protected]/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/

lists.fedoraproject.org/archives/list/[email protected]/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-3899

redhat36 fedora2 nessus16 rocky2 ibm9 osv5 openvas3 almalinux2 cve1 prion1 f51 redhatcve1 redos1 cvelist1