{"alias":[],"description":"An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.","epss":{"percentile":"0.2771","score":"0.001030"},"id":"CVE-2016-7035","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"LOW","access_vector":"LOCAL","authentication":"NONE","availability_impact":"COMPLETE","base_score":7.2,"base_severity":"HIGH","confidentiality_impact":"COMPLETE","exploitability_score":3.9,"impact_score":10.0,"integrity_impact":"COMPLETE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":0,"vector_string":"AV:L\/AC:L\/Au:N\/C:C\/I:C\/A:C","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"LOCAL","availability_impact":"HIGH","base_score":8.8,"base_severity":"HIGH","confidentiality_impact":"HIGH","exploitability_score":2.0,"impact_score":6.0,"integrity_impact":"HIGH","privileges_required":"LOW","scope":"CHANGED","user_interaction":"NONE","vector_string":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","version":"3.0"}},"modified":"2024-11-21T02:57:19","nvd_status":"Modified","published":"2018-09-10T16:29:00","score":8.8,"severity":"HIGH","source":"secalert@redhat.com","status":"PUBLISHED","weaknesses":[{"id":"CWE-285","name":"Improper Authorization","type":"weakness"}]}