Описание
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
Отчет
This vulnerability is rated Moderate for Red Hat Satellite because it requires the BMC component to be enabled and configured to use ipmitool as the IPMI implementation. An authenticated attacker with host creation or update permissions can exploit this by crafting a malicious BMC username. Exploitation is limited to environments meeting these specific configuration and permission requirements.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Satellite 6 | rubygem-rubyipmi | Affected | ||
| Red Hat Satellite 6 | satellite:el8/rubygem-rubyipmi | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
8.3 High
CVSS3
Связанные уязвимости
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
rubyipmi is vulnerable to OS Command Injection through malicious usernames
EPSS
8.3 High
CVSS3