CVE-2016-0764 Details

CVE-2016-0764

Published: 2017-07-17
Last Modified: 2017-07-21
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.

Analysis
Common Vulnerability Score System v2.0
Severity Low
Base Score 2.1/10
Exploit Score 3.9/10
Access Vector Local
Access Complexity Low
Authentication None
Impact Score 2.9/10
Confidentiality Impact Partial
Availability Impact None
Integrity Impact None
Vector String AV:L/AC:L/Au:N/C:P/I:N/A:N
Common Vulnerability Score System v3.1
Severity Medium
Base Score 6.2/10
Exploit Score 2.5/10
Access Vector Local
Access Complexity Low
Privileges Required None
Impact Score 3.6/10
Confidentiality Impact High
Availability Impact None
Integrity Impact None
Scope Unchanged
User Interaction None
Vector String CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:a:redhat:network_manager:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* No - -
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:* No - -
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* No - -
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* No - -
References

http://rhn.redhat.com/errata/RHSA-2016-2581.html
https://bugzilla.redhat.com/show_bug.cgi?id=1324025

CVE ID
CVE-2016-0764
Published
2017-07-17
Modified
2017-07-21
CVSSv2.0
Low
CVSSv3.1
Medium
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE-362

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.