Vulnerability Name: CVE-2017-7470 (CCN-148117)

Assigned: 2017-12-01
Published: 2017-12-01
Updated: 2023-02-12
Summary:
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): High
Availability (A): None
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): None
Integrity (I): Complete
Availability (A): None
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2017-7470

Source: CCN
Type: BID-98569
Red Hat spacewalk-backend CVE-2017-7470 Authorization Security Bypass Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: Red Hat Web site
RHSA-2017:1259 - Security Advisory

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla – Bug 1439622
(CVE-2017-7470) CVE-2017-7470 spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
redhat-cve20177470-sec-bypass(148117)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-7470

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20177470 | V | CVE-2017-7470 | 2022-05-20
oval:org.opensuse.security:def:32218 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:32207 | P | Security update for util-linux (Moderate) | 2021-10-19
oval:org.opensuse.security:def:32125 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-06-18
oval:org.opensuse.security:def:29350 | P | Security update for qemu (Important) | 2021-04-22
oval:org.opensuse.security:def:32275 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-03-17
oval:org.opensuse.security:def:32264 | P | Security update for perl-XML-Twig (Moderate) | 2021-03-01
oval:org.opensuse.security:def:32114 | P | Security update for java-1_7_1-ibm (Moderate) | 2021-01-04
oval:org.opensuse.security:def:29303 | P | Security update for xen (Important) | 2020-12-10
oval:org.opensuse.security:def:28171 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:28665 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:27969 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28616 | P | Security update for xorg-x11-libXext | 2020-12-01
oval:org.opensuse.security:def:31897 | P | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:32563 | P | libpulse-browse0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32362 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33405 | P | Security update for SUSE Manager Client Tools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28228 | P | Security update for libssh2_org (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28098 | P | Recommended update for git (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28632 | P | Security update for a2ps | 2020-12-01
oval:org.opensuse.security:def:31908 | P | Security update for freetype2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32612 | P | w3m on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31906 | P | Security update for freeradius-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32518 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28312 | P | Security update for openssl (Important) | 2020-12-01
oval:org.opensuse.security:def:29339 | P | Security update for SUSE Manager Client Tools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28182 | P | Security update for kernel modules packages (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28676 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:31982 | P | Security update for java-1_7_1-ibm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32651 | P | dhcpcd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31907 | P | Security update for freetype2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32574 | P | libxslt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27883 | P | Security update for rubygem-bundler | 2020-12-01
oval:org.opensuse.security:def:28464 | P | Security update for xorg-x11-libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28239 | P | Security update for libvorbis (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29314 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:32673 | P | glibc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31918 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32623 | P | MozillaFirefox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27884 | P | Security update for rubygem-i18n-0_6 | 2020-12-01
oval:org.opensuse.security:def:28517 | P | Security update for openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28323 | P | Security update for perl (Low) | 2020-12-01
oval:org.opensuse.security:def:32717 | P | libmusicbrainz4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31992 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:32662 | P | findutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27895 | P | Security update for subversion | 2020-12-01
oval:org.opensuse.security:def:28566 | P | Security update for Linux kernel | 2020-12-01
oval:org.opensuse.security:def:27893 | P | Security update for shim | 2020-12-01
oval:org.opensuse.security:def:28475 | P | Security update for xorg-x11-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33355 | P | Security update for openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32684 | P | ipsec-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27959 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:28605 | P | Security update for wireshark | 2020-12-01
oval:org.opensuse.security:def:27894 | P | Security update for struts | 2020-12-01
oval:org.opensuse.security:def:28528 | P | Security update for ImageMagick | 2020-12-01
oval:org.opensuse.security:def:32351 | P | Security update for squid (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33394 | P | Security update for SUSE Manager Client Tools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32728 | P | libqt4-sql-mysql on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28087 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28621 | P | Security update for xorg-x11-libXv | 2020-12-01
oval:org.opensuse.security:def:27905 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:28577 | P | Security update for pcp | 2020-12-01
oval:org.opensuse.security:def:31896 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:32507 | P | evolution-data-server on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33366 | P | Security update for openvpn-openssl1 (Moderate) | 2020-12-01