CVE-2008-2139: Medium severity rpath appliance platform agent vulnerability
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2008-2139?
CVE-2008-2139 has a medium severity rating due to the potential for unauthorized privilege escalation.
How do I fix CVE-2008-2139?
To fix CVE-2008-2139, ensure that the rootpw plugin is updated to a secure version that re-validates browser requests.
What software is affected by CVE-2008-2139?
CVE-2008-2139 affects rPath Appliance Platform Agent versions 2 and 3.
What type of attack does CVE-2008-2139 expose systems to?
CVE-2008-2139 exposes systems to physical proximity attacks that can exploit the lack of re-validation in admin requests.
Is there a workaround for CVE-2008-2139?
Currently, the recommended approach is to implement the latest security updates since no specific workaround is available.