CVE-2020-13776

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 03-06-2020 05:15

Last modified: - 31-01-2022 07:40

Total changes: - 2

Description

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

High

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

Required

User interaction

6.7

Base score

0.8

5.9

Exploitability score

Impact score

Verification logic

vendor=systemd_project AND product=systemd AND versionEndIncluding=245

vendor=netapp AND product=active_iq_unified_manager AND version=- AND target_software=vmware_vsphere

vendor=netapp AND product=solidfire_\&_hci_management_node AND version=-

vendor=fedoraproject AND product=fedora AND version=32

Reference

https://github.com/systemd/systemd/issues/15985
https://security.netapp.com/advisory/ntap-20200611-0003/
FEDORA-2020-2faf839786-Third Party Advisory

Keywords

CVE-2020-13776

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-13776

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures