#VU688 Security bypass - CVE-2016-7031

Cybersecurity Help s.r.o.

Published: 2016-09-30 | Updated: 2016-09-30

Vulnerability identifier: #VU688

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-7031

CWE-ID: CWE-284

Exploitation vector: Local network

Exploit availability: No

Description
The vulnerability allows authenticated adjacent user to bypass security limitations on the target system.
The weakness is caused by insufficient security restrictions that allows a malicious user to bypass Access Control List (ACL) and obtain the contents of the RGW bucket.
Successful exploitaton of the vulnerability may result in access to the vulnerable system.

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for Red Hat Ceph Storage 1.3.3