| ID |
CVE-2021-25314
|
| Summary |
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:suse:hawk2:-:*:*:*:*:*:*:*
cpe:2.3:a:suse:hawk2:-:*:*:*:*:*:*:*
-
cpe:2.3:a:suse:hawk2:2.6.3\+git.1614684118.af555ad9:*:*:*:*:*:*:*
cpe:2.3:a:suse:hawk2:2.6.3\+git.1614684118.af555ad9:*:*:*:*:*:*:*
-
cpe:2.3:a:suse:hawk2:2.6.3\+git.1614685906.812c31e9:*:*:*:*:*:*:*
cpe:2.3:a:suse:hawk2:2.6.3\+git.1614685906.812c31e9:*:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp3:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp2:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp5:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp5:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.2 (as of 14-04-2023 - 18:49) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-378 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| Last major update |
14-04-2023 - 18:49 |
| Published |
14-04-2021 - 15:15 |
| Last modified |
14-04-2023 - 18:49 |
