Pam_Access Vulnerability: Bypassing Access Restrictions through Token Manipulation
CVE-2024-10963

7.4 HIGH

Summary

A vulnerability exists in PAM Access (pam_access) whereby certain entries in its configuration file can be incorrectly recognized as hostnames. An attacker who pretends to be one of those hostnames can bypass the intended access restrictions, potentially gaining unauthorized access to services and terminals. Systems that use PAM Access to manage user authentication could be compromised through this flaw, which creates a significant risk for organizations relying on these security measures.

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
