CVE-2013-4480
Satellite: Interface to create the initial administrator user remains open after installation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
Red Hat Satellite 5.6 y anteriores versiones no deshabilita la interfaz web que es usada para crear el primer usuario para un satellite, lo que permite a atacantes remotos crear cuentas de administrador.
Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The rhn-java-sat packages contain the code for the Java version of the Red Hat Network Satellite Web site. It was found that the web interface provided by Red Hat Network Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-12 CVE Reserved
- 2013-11-12 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
- CWE-862: Missing Authorization
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1513.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-1514.html | 2023-02-13 | |
| https://access.redhat.com/site/articles/539283 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1024614 | 2013-11-12 | |
| https://access.redhat.com/security/cve/CVE-2013-4480 | 2013-11-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Network Satellite Search vendor "Redhat" for product "Network Satellite" | <= 5.6 Search vendor "Redhat" for product "Network Satellite" and version " <= 5.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | <= 5.6 Search vendor "Redhat" for product "Satellite" and version " <= 5.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite With Embedded Oracle Search vendor "Redhat" for product "Satellite With Embedded Oracle" | 5.2 Search vendor "Redhat" for product "Satellite With Embedded Oracle" and version "5.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite With Embedded Oracle Search vendor "Redhat" for product "Satellite With Embedded Oracle" | 5.3 Search vendor "Redhat" for product "Satellite With Embedded Oracle" and version "5.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite With Embedded Oracle Search vendor "Redhat" for product "Satellite With Embedded Oracle" | 5.4 Search vendor "Redhat" for product "Satellite With Embedded Oracle" and version "5.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite With Embedded Oracle Search vendor "Redhat" for product "Satellite With Embedded Oracle" | 5.5 Search vendor "Redhat" for product "Satellite With Embedded Oracle" and version "5.5" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Manager Search vendor "Suse" for product "Manager" | 1.7 Search vendor "Suse" for product "Manager" and version "1.7" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Search vendor "Suse" for product "Linux Enterprise" | 11.0 Search vendor "Suse" for product "Linux Enterprise" and version "11.0" | sp2 |
Affected
| ||||||