CVE-2023-3899

high-risk

Published 2023-08-23

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Subscription-Manager

Fedora

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux For Arm 64

Enterprise Linux For Arm 64 Eus

Enterprise Linux For Ibm Z Systems

Affected Vendors

Redhat Fedoraproject

References (22)

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:4701

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:4702

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:4703

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:4704

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:4705

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:4706

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:4707

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:4708

Vendor Advisory https://access.redhat.com/security/cve/CVE-2023-3899

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2225407