What is CVE-2017-2663?

CVE-2017-2663 is a high-severity vulnerability in Red Hat Subscription-manager, classified under Privilege Context Switching Error. CVSS score: 8.2/10. Published 2018-07-27.

How severe is CVE-2017-2663?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Red Hat Subscription-manager

CVE-2017-2663

It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain…

EPSS: 0.001 (31.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Red Hat Subscription-manager — versions 1.19.4

Weakness classification (CWE)

CWE-270 — Privilege Context Switching Error

References

97015 (vdb-entry, x_refsource_BID)
github.com/candlepin/subscription-manager/commit/2aa48ef65 (x_refsource_CONFIRM)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-2663?: CVE-2017-2663 is a high-severity vulnerability in Red Hat Subscription-manager, classified under Privilege Context Switching Error. CVSS score: 8.2/10. Published 2018-07-27.
How severe is CVE-2017-2663?: High severity. CVSS v3 base score is 8.2 out of 10.