CVE-2013-2056

Published Jul 31, 2013

Last updated 3 years ago

Overview

Description: The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1FDDB68-9828-4DAF-8417-4E3B68ABA2C5"
          },
          {
            "criteria": "cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CCE54F9-0195-4E9D-A15F-3947EA0EBED7"
          },
          {
            "criteria": "cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B6D3920-6A7D-4AF8-A620-80C89FF454F2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References