PCP Vulnerability: High-Level Privileges for Compromised System Accounts
CVE-2024-45770
4.4MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 8.2 Advanced Update Support
- Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
- Red Hat Enterprise Linux 8.4 Telecommunications Update Service
- Vendor
- CVE Published:
- 19 September 2024
Summary
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
Affected Version(s)
Red Hat Enterprise Linux 8 <= 0:5.3.7-22.el8_10
Red Hat Enterprise Linux 8.2 Advanced Update Support <= 0:5.0.2-9.el8_2
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support <= 0:5.2.5-8.el8_4
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database