CVE-2024-10963
CVE-2024-10963
Título es
CVE-2024-10963
Jue, 07/11/2024 – 16:15
Tipo
CWE-287
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-10963
Descripción en
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.
07/11/2024
07/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
6.50
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
Enviar en el boletín
Off
