CVE-2015-1842

EUVD-2015-1953
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
redhatopenstack
𝑥
≤ 6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2015-0789.html
http://rhn.redhat.com/errata/RHSA-2015-0791.html
http://rhn.redhat.com/errata/RHSA-2015-0830.html
http://rhn.redhat.com/errata/RHSA-2015-0831.html
http://rhn.redhat.com/errata/RHSA-2015-0832.html
http://www.securityfocus.com/bid/74049
https://bugzilla.redhat.com/show_bug.cgi?id=1201875
http://rhn.redhat.com/errata/RHSA-2015-0789.html
http://rhn.redhat.com/errata/RHSA-2015-0791.html
http://rhn.redhat.com/errata/RHSA-2015-0830.html
http://rhn.redhat.com/errata/RHSA-2015-0831.html
http://rhn.redhat.com/errata/RHSA-2015-0832.html
http://www.securityfocus.com/bid/74049
https://bugzilla.redhat.com/show_bug.cgi?id=1201875