CVE-2024-7700 — MEDIUM (6.5)

Vulnerability Description

A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Theforeman	Foreman	-
Redhat	Satellite	6.0

Related Weaknesses (CWE)

CWE-77

References

https://access.redhat.com/security/cve/CVE-2024-7700Third Party AdvisoryVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2304090Issue TrackingThird Party Advisory

FAQ

What is CVE-2024-7700?

CVE-2024-7700 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the nec...

How severe is CVE-2024-7700?

CVE-2024-7700 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7700?

Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman, Redhat Satellite.