// For flags

CVE-2021-25314

hawk: Insecure file permissions

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.

Una vulnerabilidad de Creation de Archivo Temporal con Permisos No Seguros en hawk2 de SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2, permite a atacantes locales escalar a root. Este problema afecta a: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versiones anteriores a 2.6.3+ git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versiones anteriores a 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versiones anteriores a 2.6.3+git.1614684118.af555ad9

*Credits: Johannes Segitz of SUSE
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-19 CVE Reserved
  • 2021-04-14 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-378: Creation of Temporary File With Insecure Permissions
  • CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://bugzilla.suse.com/show_bug.cgi?id=1182166 2024-09-17
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Suse
Search vendor "Suse"
 Hawk2
Search vendor "Suse" for product "Hawk2"
 < 2.6.3\+git.1614685906.812c31e9-2.42.1
Search vendor "Suse" for product "Hawk2" and version " < 2.6.3\+git.1614685906.812c31e9-2.42.1"
-
Affected
in Suse
Search vendor "Suse"
 Linux Enterprise High Availability Extension
Search vendor "Suse" for product "Linux Enterprise High Availability Extension"
 12
Search vendor "Suse" for product "Linux Enterprise High Availability Extension" and version "12"
sp3
Safe
Suse
Search vendor "Suse"
 Hawk2
Search vendor "Suse" for product "Hawk2"
 < 2.6.3\+git.1614684118.af555ad9
Search vendor "Suse" for product "Hawk2" and version " < 2.6.3\+git.1614684118.af555ad9"
-
Affected
in Suse
Search vendor "Suse"
 Linux Enterprise High Availability Extension
Search vendor "Suse" for product "Linux Enterprise High Availability Extension"
 15
Search vendor "Suse" for product "Linux Enterprise High Availability Extension" and version "15"
sp2
Safe
Suse
Search vendor "Suse"
 Hawk2
Search vendor "Suse" for product "Hawk2"
 < 2.6.3\+git.1614685906.812c31e9
Search vendor "Suse" for product "Hawk2" and version " < 2.6.3\+git.1614685906.812c31e9"
-
Affected
in Suse
Search vendor "Suse"
 Linux Enterprise High Availability Extension
Search vendor "Suse" for product "Linux Enterprise High Availability Extension"
 12
Search vendor "Suse" for product "Linux Enterprise High Availability Extension" and version "12"
sp5
Safe