CVE-2021-40348

 

  • Severity Score: 8.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allow code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append a Spacewalk-specific key-value pair. According to the installation setup, the script is intended to be run by the tomcat user account with sudo. This can allow an attacker to use --option to append arbitrary code to a root-owned file that will eventually be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-08-31 CVE Reserved
  • 2021-11-01 CVE Published
  • 2024-07-17 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Uyuni-project | Uyuni | 2021.08 | - | Affected |
| Spacewalk Project | Spacewalk | 2.10 | - | Affected |