CVE-2024-10963 HIGH

CVE-2024-10963: Pam: improper hostname interpretation in pam_access leads to access control bypass

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
Weakness: CWE-287 · Improper authentication
Published: November 7, 2024
Last update: March 24, 2026

CVSS base score

7.4/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

Key dates

02 Disclosure timeline

November 7, 2024: CVE published
March 24, 2026: Record updated