CVE-2016-4474 - 7PK - Security Features vulnerability in Redhat Openstack 7.0/8

CVSS 8.8 - HIGH
  • Attack vector: ADJACENT_NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH
low complexity
redhat
CWE-254

Summary

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) uses a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.

Vulnerable Configurations

| Part | Description | Count |
|---|---|---|
| Application | Redhat | 2 |

Common Weakness Enumeration (CWE)

Redhat

advisories
  • rhsa
    id: RHSA-2016:1222
  • rhsa
    id: RHSA-2016:1223
rpms
  • rhosp-director-images-0:8.0-20160603.2.el7ost
  • rhosp-director-images-ipa-0:8.0-20160603.2.el7ost