CVE-2017-12164
Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 26 Jul 2018, 16:00
Last modified:05 Aug 2024, 18:28
Vulnerability Summary
Overall Risk (default)
medium
28/100 CVSS Score
6.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.14% LOW
0% probability +0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
26 Jul 2018, 16:00
Published
Vulnerability first disclosed
05 Aug 2024, 18:28
Last Modified
Vulnerability information updated
Description
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
CVSS Metrics
- v3.0•MEDIUM•Score: 4.1CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
- v3.0•MEDIUM•Score: 6.4CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.14%• Percentile: 33%
Techniques & Countermeasures
- CWE-665•Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
- CWE-592•DEPRECATED: Authentication Bypass Issues
This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
Affected Systems
- gnome•gdm
3.24.1
- gnome•gnome_display_manager
3.24.1