CVE-2016-4474
high
CVSS v3
8.8
CVSS v2
3.3
VIR risk
8.8
Description
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) uses a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.
Predictions
Exploit likelihood
82%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://rhn.redhat.com/errata/RHSA-2016-1223.html
Vendor advisory: secalert@redhat.com — https://access.redhat.com/security/vulnerabilities/2359821
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2016-1222.html
References
- http://rhn.redhat.com/errata/RHSA-2016-1222.html
- https://access.redhat.com/security/vulnerabilities/2359821
- https://rhn.redhat.com/errata/RHSA-2016-1223.html
CWEs
CWE-200 CWE-254