Vulnerability Details CVE-2015-1842
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://rhn.redhat.com/errata/RHSA-2015-0789.html
- http://rhn.redhat.com/errata/RHSA-2015-0791.html
- http://rhn.redhat.com/errata/RHSA-2015-0830.html
- http://rhn.redhat.com/errata/RHSA-2015-0831.html
- http://rhn.redhat.com/errata/RHSA-2015-0832.html
- http://www.securityfocus.com/bid/74049
- https://bugzilla.redhat.com/show_bug.cgi?id=1201875
- http://rhn.redhat.com/errata/RHSA-2015-0789.html
- http://rhn.redhat.com/errata/RHSA-2015-0791.html
- http://rhn.redhat.com/errata/RHSA-2015-0830.html
- http://rhn.redhat.com/errata/RHSA-2015-0831.html
- http://rhn.redhat.com/errata/RHSA-2015-0832.html
- http://www.securityfocus.com/bid/74049
- https://bugzilla.redhat.com/show_bug.cgi?id=1201875
Products affected by CVE-2015-1842
-
cpe:2.3:a:redhat:openstack:-
-
cpe:2.3:a:redhat:openstack:1
-
cpe:2.3:a:redhat:openstack:2.0
-
cpe:2.3:a:redhat:openstack:2.1
-
cpe:2.3:a:redhat:openstack:3.0
-
cpe:2.3:a:redhat:openstack:4.0
-
cpe:2.3:a:redhat:openstack:5.0
-
cpe:2.3:a:redhat:openstack:6.0