ID |
CVE-2021-25314
|
Summary |
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:suse:hawk2:-:*:*:*:*:*:*:*
cpe:2.3:a:suse:hawk2:-:*:*:*:*:*:*:*
-
cpe:2.3:a:suse:hawk2:2.6.3\+git.1614684118.af555ad9:*:*:*:*:*:*:*
cpe:2.3:a:suse:hawk2:2.6.3\+git.1614684118.af555ad9:*:*:*:*:*:*:*
-
cpe:2.3:a:suse:hawk2:2.6.3\+git.1614685906.812c31e9:*:*:*:*:*:*:*
cpe:2.3:a:suse:hawk2:2.6.3\+git.1614685906.812c31e9:*:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp3:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp2:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp5:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp5:*:*:*:*:*:*
|
CVSS |
Base: | 7.2 (as of 14-04-2023 - 18:49) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-378 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
Last major update |
14-04-2023 - 18:49 |
Published |
14-04-2021 - 15:15 |
Last modified |
14-04-2023 - 18:49 |