CVE-2023-38994
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Oct 31, 2023
Updated: Jan 31, 2024
CWE ID 668
Summary
CVE-2023-38994 is a vulnerability affecting UCS 5.0-5's 'check_univention_joinstatus' Prometheus monitoring script. This issue exposes the LDAP plaintext password of the machine account in the process list, granting local SSH access to attackers. Despite default UCS configurations limiting local SSH access for regular users, unauthorized users with local SSH access can escalate privileges and execute further attacks.
Affected Vendors
- Univention GmbH