Published: 19/04/2017 Updated: 25/04/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

firewalld.py in firewalld prior to allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.

Vendor Advisories

Synopsis Moderate: firewalld security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for firewalld is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...
Debian Bug report logs - #834529 firewalld: CVE-2016-5410: Firewall configuration can be modified by any logged in user Package: src:firewalld; Maintainer for src:firewalld is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 16 A ...
A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users Any locally logged in user could use this flaw to tamper or change firewall settings ...
Oracle Linux Bulletin - October 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...