CVE-2023-38994

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 31, 2023
Updated: Jan 31, 2024
CWE ID 668

Summary

CVE-2023-38994 is a vulnerability affecting the 'check_univention_joinstatus' Prometheus monitoring script in UCS 5.0-5. The script exposes the plaintext LDAP password of the machine account in the process list, where it is visible to attackers with local SSH access. Although the default UCS configuration limits local SSH access for regular users, a user who does have local SSH access can use the exposed password to escalate privileges and carry out further attacks.
