Metrics
Affected Vendors & Products
Wed, 18 Dec 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 21 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:rhel_eus:9.4::appstream |
|
References |
|
Sat, 16 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_eus:9.4 |
Tue, 12 Nov 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 |
Wed, 23 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 |
Wed, 23 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine. | A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. |
Wed, 23 Oct 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Els
Redhat rhel Eus Redhat rhel Tus |
|
CPEs | cpe:/o:redhat:enterprise_linux:8 |
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_els:7 |
Vendors & Products |
Redhat rhel Els
Redhat rhel Eus Redhat rhel Tus |
|
References |
|
|
Wed, 23 Oct 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_e4s:9.0 cpe:/o:redhat:rhel_aus:7.7 |
|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Tue, 22 Oct 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Aus
|
|
CPEs | cpe:/o:redhat:rhel_aus:7.7::server | |
Vendors & Products |
Redhat rhel Aus
|
|
References |
|
Tue, 22 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel E4s
|
|
CPEs | cpe:/a:redhat:rhel_e4s:9.0::appstream | |
Vendors & Products |
Redhat rhel E4s
|
|
References |
|
Tue, 22 Oct 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 22 Oct 2024 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine. | |
Title | Networkmanager-libreswan: local privilege escalation via leftupdown | |
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
|
References |
| |
Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published: 2024-10-22T12:14:31.701Z
Updated: 2024-12-18T16:14:08.430Z
Reserved: 2024-09-20T18:25:24.574Z
Link: CVE-2024-9050
Updated: 2024-10-25T03:09:04.241Z
Status : Awaiting Analysis
Published: 2024-10-22T13:15:02.410
Modified: 2024-12-18T17:15:15.420
Link: CVE-2024-9050