CVE-2015-1842
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-0791.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-0789.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | openstack | up to and including 6.0 | |
References
- http://rhn.redhat.com/errata/RHSA-2015-0789.html
- http://rhn.redhat.com/errata/RHSA-2015-0791.html
- http://rhn.redhat.com/errata/RHSA-2015-0830.html
- http://rhn.redhat.com/errata/RHSA-2015-0831.html
- http://rhn.redhat.com/errata/RHSA-2015-0832.html
- http://www.securityfocus.com/bid/74049
- https://bugzilla.redhat.com/show_bug.cgi?id=1201875
CWEs
CWE-255