CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2015-0789.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0791.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0830.html
http://rhn.redhat.com/errata/RHSA-2015-0831.html
http://rhn.redhat.com/errata/RHSA-2015-0832.html
http://www.securityfocus.com/bid/74049
https://bugzilla.redhat.com/show_bug.cgi?id=1201875

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:openstack:*:*:*:*:*:*:*:*

History

13 Feb 2023, 00:47

Type	Values Removed	Values Added
Summary	It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.	The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0831', 'name': 'https://access.redhat.com/errata/RHSA-2015:0831', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0789', 'name': 'https://access.redhat.com/errata/RHSA-2015:0789', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/security/cve/CVE-2015-1842', 'name': 'https://access.redhat.com/security/cve/CVE-2015-1842', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0791', 'name': 'https://access.redhat.com/errata/RHSA-2015:0791', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0832', 'name': 'https://access.redhat.com/errata/RHSA-2015:0832', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0830', 'name': 'https://access.redhat.com/errata/RHSA-2015:0830', 'tags': [], 'refsource': 'MISC'}~~

02 Feb 2023, 20:20

Type	Values Removed	Values Added
Summary	The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.	It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.
References		(MISC) https://access.redhat.com/errata/RHSA-2015:0831 - (MISC) https://access.redhat.com/errata/RHSA-2015:0789 - (MISC) https://access.redhat.com/security/cve/CVE-2015-1842 - (MISC) https://access.redhat.com/errata/RHSA-2015:0791 - (MISC) https://access.redhat.com/errata/RHSA-2015:0832 - (MISC) https://access.redhat.com/errata/RHSA-2015:0830 -

Information

Published : 2015-04-10 15:00

Updated : 2023-12-10 11:31

NVD link : CVE-2015-1842

Mitre link : CVE-2015-1842

CVE.ORG link : CVE-2015-1842

JSON object : View

Products Affected

redhat

openstack

CWE

CWE-255

Credentials Management Errors

10.0 /10