CVE-2018-16877 HIGH

Vendor Clusterlabs
Product pacemaker
Weakness CWE-287 · Improper authentication
Published April 18, 2019
Last update August 5, 2024

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

Key dates

02 Disclosure timeline

April 18, 2019 CVE published
August 5, 2024 Record updated