PCP Vulnerability: High-Level Privileges for Compromised System Accounts

CVE-2024-45770

4.4MEDIUM

Key Information

Vendor
Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Vendor
CVE Published:
19 September 2024

Summary

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

Affected Version(s)

Red Hat Enterprise Linux 8 <= 0:5.3.7-22.el8_10

Red Hat Enterprise Linux 8.2 Advanced Update Support <= 0:5.0.2-9.el8_2

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support <= 0:5.2.5-8.el8_4

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.