Base Score

HIGH7.5

CVE-2016-7797

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateMar 24, 2017, 15:59

Weakness Type (CWE):CWE-254

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://bugs.clusterlabs.org/show_bug.cgi?id=5269
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00001.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00077.html
http://rhn.redhat.com/errata/RHSA-2016-2578.html
http://www.openwall.com/lists/oss-security/2016/10/01/1
http://www.securityfocus.com/bid/93261
https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410

Base Score

HIGH7.5

Weakness Type (CWE):CWE-254

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH