CVE-2016-7797
pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
Pacemaker en versiones anteriores a 1.1.15, al usar el control remoto de marcapasos, podría permitir a atacantes remotos provocar una denegación de servicio (desconexión de nodo) a través de una conexión no autenticada.
It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-09-09 CVE Reserved
- 2016-11-03 CVE Published
- 2024-06-24 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-254: 7PK - Security Features
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/93261 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/01/1 | 2018-10-30 | |
| https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Clusterlabs Search vendor "Clusterlabs" | Pacemaker Search vendor "Clusterlabs" for product "Pacemaker" | <= 1.1.14 Search vendor "Clusterlabs" for product "Pacemaker" and version " <= 1.1.14" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.2 Search vendor "Opensuse" for product "Leap" and version "42.2" | - |
Affected
| ||||||
| Opensuse Project Search vendor "Opensuse Project" | Leap Search vendor "Opensuse Project" for product "Leap" | 42.1 Search vendor "Opensuse Project" for product "Leap" and version "42.1" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise High Availability Search vendor "Suse" for product "Linux Enterprise High Availability" | 12 Search vendor "Suse" for product "Linux Enterprise High Availability" and version "12" | sp2 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | sp2 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux High Availability Search vendor "Redhat" for product "Enterprise Linux High Availability" | 7.0 Search vendor "Redhat" for product "Enterprise Linux High Availability" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Resilient Storage Search vendor "Redhat" for product "Enterprise Linux Resilient Storage" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Resilient Storage" and version "7.0" | - |
Affected
| ||||||