CVE-2024-45770

{"id": "CVE-2024-45770", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}]}, "published": "2024-09-19T09:15:02.613", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6837", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6840", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6842", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6843", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6844", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6846", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6847", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6848", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:9452", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-45770", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310451", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Performance Co-Pilot (PCP). Esta falla solo se puede explotar si un atacante tiene acceso a una cuenta de sistema PCP comprometida. El problema est\u00e1 relacionado con la herramienta pmpost, que se utiliza para registrar mensajes en el sistema. En determinadas condiciones, se ejecuta con privilegios de alto nivel."}], "lastModified": "2024-11-12T18:15:35.643", "sourceIdentifier": "secalert@redhat.com"}