CVE-2021-44225
Description
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property.
Risk Information
Base Score: 5.4 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 0.044
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2022:1930) keepalived security and bug fix update keepalived-2.1.5-8.el8.x86_64.rpm | Linux |
| (RHSA-2022:1930) keepalived security and bug fix update keepalived-debugsource-2.1.5-8.el8.x86_64.rpm | Linux |
| keepalived security and bug fix update (RLSA-2022:1930) keepalived-2.1.5-8.el8.x86_64.rpm | Linux |
| (RHSA-2022:1930) Moderate: security and bug fix update keepalived-debuginfo-2.1.5-8.el8.x86_64.rpm | Linux |
| Keepalived update (ELSA-2022-1930) keepalived-2.1.5-8.el8.x86_64.rpm | Linux |
| keepalived Security Update (ALAS-2023-2168) keepalived-1.3.5-16.amzn2.0.4.x86_64.rpm | Linux |
| keepalived Security Update (ALAS2-2023-2168) keepalived-1.3.5-16.amzn2.0.4.x86_64.rpm | Linux |
| CVE-2021-44225 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234