#VU36623 Improper Authentication in Foreman - CVE-2018-14643

Cybersecurity Help s.r.o.

Published: 2018-09-21 | Updated: 2020-08-08

Vulnerability identifier: #VU36623

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-14643

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Foreman
Web applications / Remote management & hosting panels

Vendor: Foreman

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Foreman: All versions

External links
https://www.securityfocus.com/bid/105375
https://access.redhat.com/errata/RHSA-2018:2733
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643
https://github.com/theforeman/smart_proxy_dynflow/pull/54

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Foreman

Red Hat Satellite 6 update for rubygem-smart_proxy_dynflow