SB2017032702 - Man-in-the-middle attack in Red Hat Satellite
Published: March 27, 2017
Security Bulletin ID
SB2017032702
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Man-in-the-middle attack (CVE-ID: CVE-2017-2667)
The vulnerability allows an adjacent attacker to conduct man-in-the-middle attack.The weakness exists in the hammer_cli command line client due to disability of SSL/TLS certificate verification by default. An adjacent attacker can use man-in-the-middle techniques to spoof a valid certificate.
Remediation
Install update from vendor's website.