CVE-2023-3899 : A vulnerability was found in subscription-manager that allows local privilege es

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

Published 2023-08-23 11:15:08

Updated 2024-09-16 13:15:06

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2023-3899

Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Scientific Computing » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Big Endian » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Subscription-manager
Versions before (<) 1.28.39
cpe:2.3:a:redhat:subscription-manager:*:*:*:*:*:*:*:*
Matching versions
Redhat » Subscription-manager
Versions from including (>=) 1.29.0 and before (<) 1.29.37
cpe:2.3:a:redhat:subscription-manager:*:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Update Services For Sap Solutions » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Update Services For Sap Solutions » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.1
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 Eus » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 Eus » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 Eus » Version: 9.2
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.1
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 8.8
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-3899

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-3899

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Red Hat, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-3899

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: secalert@redhat.com (Secondary)
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-3899

https://access.redhat.com/errata/RHSA-2023:4704

RHSA-2023:4704 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4706

RHSA-2023:4706 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2225407

2225407 – (CVE-2023-3899) CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration
Issue Tracking;Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4705

RHSA-2023:4705 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/

[SECURITY] Fedora 38 Update: subscription-manager-1.29.37-1.fc38 - package-announce - Fedora Mailing-Lists
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/

[SECURITY] Fedora 37 Update: subscription-manager-1.29.37-1.fc37 - package-announce - Fedora Mailing-Lists
https://access.redhat.com/security/cve/CVE-2023-3899

CVE-2023-3899- Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4702

RHSA-2023:4702 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4707

RHSA-2023:4707 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4701

RHSA-2023:4701 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4703

RHSA-2023:4703 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4708

RHSA-2023:4708 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-3899

Products affected by CVE-2023-3899

Exploit prediction scoring system (EPSS) score for CVE-2023-3899

CVSS scores for CVE-2023-3899

CWE ids for CVE-2023-3899

References for CVE-2023-3899