CVE-2013-2069

2013-05-2900:55:01

CWE-264

[email protected]

web.nvd.nist.gov

red hat

livecd-tools

cve-2013-2069

privilege escalation

nvd

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.

Affected configurations

NVD

Node

redhatlivecd-toolsRange<13.4.4

redhatlivecd-toolsRange17.0–17.17

redhatlivecd-toolsRange18.0–18.16

redhatlivecd-toolsRange19.0–19.3

CPENameOperatorVersion
redhat:livecd-toolsredhat livecd-toolslt13.4.4
redhat:livecd-toolsredhat livecd-toolslt17.17
redhat:livecd-toolsredhat livecd-toolslt18.16
redhat:livecd-toolsredhat livecd-toolslt19.3

CPE	Name	Operator	Version
redhat:livecd-tools	redhat livecd-tools	lt	13.4.4
redhat:livecd-tools	redhat livecd-tools	lt	17.17
redhat:livecd-tools	redhat livecd-tools	lt	18.16
redhat:livecd-tools	redhat livecd-tools	lt	19.3