CVE-2013-2056
Satellite: Inter-Satellite Sync (ISS) does not require authentication/authorization
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
La operaciĆ³n Inter-Satellite Sync (ISS) en Red Hat Network (RHN) Satellite 5.3, 5.4, y 5.5 no valida adecuadamente la "autenticidad" del cliente, lo que permite a atacantes remotos obtener el contenido de un canal evitando la llamada inicial para la autenticaciĆ³n.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-19 CVE Reserved
- 2013-05-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/93566 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0848.html | 2022-02-03 | |
| http://secunia.com/advisories/53487 | 2022-02-03 | |
| https://access.redhat.com/security/cve/CVE-2013-2056 | 2013-05-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=959524 | 2013-05-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.3 Search vendor "Redhat" for product "Satellite" and version "5.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.4 Search vendor "Redhat" for product "Satellite" and version "5.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.5 Search vendor "Redhat" for product "Satellite" and version "5.5" | - |
Affected
| ||||||